OpenClaw Discord Allowlist Bypass on Unstable User Tags

GHSA-4cqv-h74h-93j4
Summary

Some user tags on Discord can accidentally match allowlist entries meant for others, allowing unauthorized access. To fix this, update to OpenClaw version 2026.2.22 or later and use stable Discord user IDs in your allowlists. Run the security audit tool to identify and address any affected settings.

What to do
  • Update openclaw to version 2026.2.22.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.21-2 | 2026.2.22 |
Original title
OpenClaw has a Discord `allowFrom` slug-collision authorization bypass
Original description
OpenClaw supports Discord allowlists using either user IDs or names/tags. Name/tag matching depends on slug normalization, so different user tags can collide to the same slug and unintentionally satisfy a name-based allowlist entry.

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.21-2`
- Patched versions: `>= 2026.2.22`

## What Changed
- `openclaw security audit` now warns on Discord name/tag allowlist entries (DM allowlists, guild/channel `users`, and pairing-store entries).
- Runtime authorization now prefers resolved user IDs when a configured name/tag can be resolved, without rewriting config files on disk.
- Name-based entries remain supported for compatibility.
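
The collision described above and the ID-first check described in the change list, as an added example that is not OpenClaw's own code: the `slugify` rule here (lowercase, strip non-alphanumerics) is an assumption standing in for the project's real normalization, and the sample users and allowlists are constructed.

```javascript
// Added illustration, not OpenClaw's code. The slug rule is an ASSUMPTION:
// the project's real normalization may differ, but any lossy normalization
// has the same property of mapping distinct tags onto one slug.
function slugify(tag) {
  return tag.toLowerCase().replace(/[^a-z0-9]/g, "");
}

// Weak check: name/tag entries are compared after slugging, so two
// distinct Discord tags that normalize to the same slug both match.
function isAllowedByName(allowFrom, user) {
  const userSlug = slugify(user.tag);
  return allowFrom.some((entry) => slugify(entry) === userSlug);
}

// Hardened check: compare the stable user ID first (never normalized) and
// only fall back to a slug match for legacy name entries, which the
// advisory says remain supported. The result records how access was
// granted so callers can log name-based matches.
function authorize(allowFrom, user) {
  if (allowFrom.includes(user.id)) return { allowed: true, matchedBy: "id" };
  if (isAllowedByName(allowFrom, user)) return { allowed: true, matchedBy: "name" };
  return { allowed: false, matchedBy: null };
}

// Audit helper in the spirit of `openclaw security audit`: return every
// allowlist entry that is not a Discord snowflake ID (17-20 digit string).
function auditAllowlist(allowFrom) {
  return allowFrom.filter((entry) => !/^\d{17,20}$/.test(entry));
}

// Constructed sample data: the intended user and an unrelated user whose
// tag happens to normalize to the same slug ("alicesmith").
const intended = { id: "123456789012345678", tag: "alice.smith" };
const otherUser = { id: "987654321098765432", tag: "Alice_Smith" };
const nameAllowlist = ["alice.smith"];
const idAllowlist = ["123456789012345678"];
```

With `nameAllowlist`, both users pass `isAllowedByName`; with `idAllowlist`, `authorize` admits only the intended user, and `auditAllowlist` flags the name entry so it can be replaced.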

## Recommendations
- Prefer stable Discord user IDs for security-sensitive allowlists.
- Run `openclaw security audit` and address warnings where practical.

## Fix Commit(s)
- f97c45c5b5e0698b6667bb5f6badc0cac7dabd12
- 747bb581b3f2264495e1fec5a0727d9f2ca1b6f1

OpenClaw thanks @tdjackey for reporting.
Source: GHSA · CVSS 3.1 base score: 6.5
Vulnerability type
CWE-287 Improper Authentication
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026