7.3

Discord Voice Chat Security Flaw in OpenClaw Allows Unauthorized Access

GHSA-x2m8-53h4-6hch
Summary

A security flaw in OpenClaw, a Discord bot, allows hackers to bypass security checks and access voice chat channels without permission. This issue affects all versions of OpenClaw up to and including 2026.3.28. To fix this issue, update to version 2026.3.31 or later.

What to do
  • Update openclaw to version 2026.3.31.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| | openclaw | <= 2026.3.31 | 2026.3.31 |
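
To check whether a project pulls in an affected copy, including nested copies under other dependencies, the following added example (not part of the advisory or of OpenClaw's code) classifies every `openclaw` entry in an npm v2/v3 lockfile against the ranges given in the original description below. The function names, the sample lockfile and the dependency names in it are constructed for illustration; versions that fall between the two stated ranges are reported as `unknown` rather than guessed.

```javascript
// Added example: classify openclaw entries in an npm lockfile ("packages" map, v2/v3).
const LAST_VULNERABLE = [2026, 3, 28]; // advisory: vulnerable range <=2026.3.28
const FIRST_PATCHED = [2026, 3, 31];   // advisory: patched versions >= 2026.3.31

// Parse "X.Y.Z[-prerelease][+build]" into numeric parts plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(v);
  if (!m) return null;
  return { parts: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns "vulnerable", "patched", or "unknown" (unparseable, or covered by neither range).
function classify(version) {
  const p = parseVersion(version);
  if (!p) return "unknown";
  if (cmp(p.parts, LAST_VULNERABLE) <= 0) return "vulnerable";
  const c = cmp(p.parts, FIRST_PATCHED);
  // A prerelease of 2026.3.31 sorts before it in semver, so it does not satisfy ">= 2026.3.31".
  if (c > 0 || (c === 0 && !p.pre)) return "patched";
  return "unknown";
}

function scanLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/openclaw" or "node_modules/x/node_modules/openclaw".
    if (!path.endsWith("node_modules/openclaw")) continue;
    findings.push({ path, version: entry.version, status: classify(String(entry.version)) });
  }
  return findings;
}

// Constructed sample lockfile; in practice use JSON.parse of package-lock.json.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-bot", version: "1.0.0" },
    "node_modules/openclaw": { version: "2026.3.31" },
    "node_modules/voice-helper/node_modules/openclaw": { version: "2026.3.28" },
    "node_modules/legacy-plugin/node_modules/openclaw": { version: "2026.3.30" },
  },
};
for (const f of scanLockfile(sampleLock)) console.log(f.status.padEnd(10), f.version, f.path);
```

Any entry reported as `vulnerable` or `unknown` should be brought to 2026.3.31 or later, the fix version the advisory names.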
Original title
OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps
Original description
## Summary
Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps

## Current Maintainer Triage
- Status: narrow
- Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical auth break and mainline fix is unreleased.

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`

## Fix Commit(s)
- `dba96e7507e0900f120e5e28e57755d69bf78759` — 2026-03-31T21:29:13+09:00

OpenClaw thanks @cyjhhh for reporting.
CVSS 4.0 (osv): 7.3
Vulnerability type
CWE-862 Missing Authorization
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026