Slack Events from Unauthorized Senders Possible in OpenClaw

GHSA-v8cg-4474-49v8
Summary

Some Slack events in the OpenClaw system can be triggered by users who aren't authorized to send them. This could allow unauthorized access to certain Slack channels or messages. To fix this, make sure you update to the latest version of OpenClaw, which includes a patch to ensure only authorized users can trigger these events.

What to do
  • Update openclaw to version 2026.2.26.
Affected software
Vendor | Product  | Affected versions | Fix available
------ | -------- | ----------------- | -------------
–      | openclaw | <= 2026.2.25      | 2026.2.26
Original title
OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers
Original description
### Summary
Slack `member_*` and `message` subtype system events (`message_changed`, `message_deleted`, `thread_broadcast`) were not consistently enforcing sender authorization before enqueueing system events.

### Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published version: `2026.2.25`
- Affected range: `<= 2026.2.25`
- Planned patched version: `2026.2.26` (pre-set for publish-readiness)

### Technical Details
Slack system-event handlers in `src/slack/monitor/events/members.ts` and `src/slack/monitor/events/messages.ts` enqueued events after channel checks without shared sender authorization. Deployments relying on Slack DM allowlists (`dmPolicy` / `allowFrom`) or per-channel `users` allowlists could receive unauthorized system-event ingress from non-allowlisted senders.

The fix routes those handlers through `authorizeAndResolveSlackSystemEventContext(...)` and fails closed when message subtype sender identity cannot be resolved.
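The pattern described above, as an added example that is not OpenClaw's code: a vulnerable "channel check only" gate beside a hardened one that also resolves and allowlists the sender and fails closed when a `message` subtype carries no attributable author. The event shape, the `Policy` type and the rule that DM channel IDs start with `D` are simplifying assumptions, not the project's actual types.

```typescript
// Added example, not OpenClaw's code: a fail-closed sender-authorization gate
// for Slack system events, modelled on the pattern the advisory describes.
// Event shape is a simplified, constructed subset of Slack's payloads.
type SlackEvent = {
  type: string;                          // "member_joined_channel", "message", ...
  subtype?: string;                      // "message_changed" | "message_deleted" | "thread_broadcast"
  channel: string;
  user?: string;                         // top-level sender, absent on several subtypes
  message?: { user?: string };           // message_changed / thread_broadcast: the (re)posted message
  previous_message?: { user?: string };  // message_deleted: the removed message
};

type Policy = {
  allowFrom: string[];                     // DM allowlist (assumed to mirror `allowFrom`)
  channelUsers: Record<string, string[]>;  // per-channel `users` allowlist
};

// Who actually sent the event? Subtypes nest the author; unknown stays undefined.
function resolveSender(ev: SlackEvent): string | undefined {
  if (ev.user) return ev.user;
  switch (ev.subtype) {
    case "message_changed":
    case "thread_broadcast":
      return ev.message?.user;
    case "message_deleted":
      return ev.previous_message?.user;
    default:
      return undefined;
  }
}

// Assumption: Slack DM channel IDs start with "D"; DMs are governed by allowFrom.
function allowedSendersFor(policy: Policy, channel: string): string[] | undefined {
  return channel.startsWith("D") ? policy.allowFrom : policy.channelUsers[channel];
}

// Vulnerable pattern: the channel is known, so enqueue. The sender is never checked.
function shouldEnqueueVulnerable(ev: SlackEvent, policy: Policy): boolean {
  return allowedSendersFor(policy, ev.channel) !== undefined;
}

// Hardened pattern: channel known AND sender allowlisted; an unresolved sender fails closed.
function shouldEnqueueHardened(ev: SlackEvent, policy: Policy): boolean {
  const allowed = allowedSendersFor(policy, ev.channel);
  if (!allowed) return false;
  const sender = resolveSender(ev);
  if (sender === undefined) return false;  // cannot attribute: drop, do not enqueue
  return allowed.includes(sender);
}
```

A `message_deleted` event with no `previous_message` is exactly the case the hardened gate drops, which the vulnerable gate would have enqueued on the strength of the channel alone.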

### Fix Commit(s)
- `3d30ba18a2aba1e1b302e77ff33145c3b06c01c8`

### Release Process Note
`patched_versions` is pre-set to `>= 2026.2.26` so once npm `2026.2.26` is published, this advisory can be published without further field edits.

Thanks @tdjackey for reporting.
Source: ghsa · CVSS 3.1 score: 5.4
Vulnerability type
CWE-863 Incorrect Authorization
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026