Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.4
Discord Reaction Hack in OpenClaw
GHSA-9vvh-2768-c8vp
Summary
A security issue in OpenClaw could allow unauthorized Discord users to trigger certain actions in a server, even if they're not allowed. This is because OpenClaw didn't check if the user was authorized to perform certain actions when they reacted to a message. To fix this, the developers have updated OpenClaw to enforce the same security checks for reactions as they do for messages. To stay safe, update OpenClaw to version 2026.3.11 or later.
What to do
- Update openclaw to version 2026.3.11.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.11 | 2026.3.11 |
Original title
OpenClaw: Discord guild reaction ingress could bypass users and roles allowlists
Original description
## Summary
In affected versions of `openclaw`, Discord reaction ingestion for guild channels did not enforce the same member users and roles allowlist checks used for normal inbound guild messages. A non-allowlisted guild member could still trigger reaction events that were accepted and queued as trusted system events for the target session.
## Impact
This is an authorization bypass in the Discord allowlist path. Reaction text could be injected into downstream session context even when the reacting guild member was not permitted by the configured users or roles allowlist.
## Affected Packages and Versions
- Package: `openclaw` (npm)
- Affected versions: `< 2026.3.11`
- Fixed in: `2026.3.11`
## Technical Details
The reaction ingress authorization path enforced DM, group, guild, and channel policy checks, but it did not apply the member-level users and roles allowlist gate that normal guild-message preflight uses. Accepted reactions were then enqueued as trusted system events for the routed session.
## Fix
OpenClaw now applies the same users and roles allowlist enforcement to guild reaction ingress that it already applies to normal inbound guild messages. The fix shipped in `[email protected]`.
## Workarounds
Upgrade to `2026.3.11` or later.
In affected versions of `openclaw`, Discord reaction ingestion for guild channels did not enforce the same member users and roles allowlist checks used for normal inbound guild messages. A non-allowlisted guild member could still trigger reaction events that were accepted and queued as trusted system events for the target session.
## Impact
This is an authorization bypass in the Discord allowlist path. Reaction text could be injected into downstream session context even when the reacting guild member was not permitted by the configured users or roles allowlist.
## Affected Packages and Versions
- Package: `openclaw` (npm)
- Affected versions: `< 2026.3.11`
- Fixed in: `2026.3.11`
## Technical Details
The reaction ingress authorization path enforced DM, group, guild, and channel policy checks, but it did not apply the member-level users and roles allowlist gate that normal guild-message preflight uses. Accepted reactions were then enqueued as trusted system events for the routed session.
## Fix
OpenClaw now applies the same users and roles allowlist enforcement to guild reaction ingress that it already applies to normal inbound guild messages. The fix shipped in `[email protected]`.
## Workarounds
Upgrade to `2026.3.11` or later.
ghsa CVSS3.1
5.4
Vulnerability type
CWE-284
Improper Access Control
CWE-863
Incorrect Authorization
Published: 13 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026