OpenClaw Slack May Let Unapproved Senders Pin or React
GHSA-rm2p-j3r7-4x4j
Summary
A security issue in OpenClaw's Slack integration could allow unapproved senders to pin or react to messages, potentially causing unexpected behavior. Affected users should update to the latest version of OpenClaw to ensure only authorized senders can add reactions and pins. This issue has been fixed in version 2026.2.25.
What to do
- Update steipete's `openclaw` to version 2026.2.25.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.24 | 2026.2.25 |
Original title
OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress
Original description
### Summary
OpenClaw Slack monitor handled `reaction_*` and `pin_*` non-message events before applying sender-policy checks consistently.
In affected versions, these events could be added to system-event context even when sender policy would not normally allow them.
### Affected Packages / Versions
- Package: npm `openclaw`
- Latest published affected version confirmed: `2026.2.24` (npm latest as of February 26, 2026)
- Affected range: `<= 2026.2.24`
- Patched version: `2026.2.25`
### Technical Details
- `reaction_*` and `pin_*` handlers now route through shared sender authorization (`authorizeSlackSystemEventSender`).
- Enforced checks now include:
  - DM `dmPolicy` / `allowFrom`
  - channel `users` allowlist enforcement for non-DM channels
  - channel-level allow checks before system-event enqueue
- Regression coverage added for DM allow/deny and channel-user allowlist deny paths.
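As an added illustration (not OpenClaw's code), the following models the fix described above: every Slack event, message or not, passes through one shared sender gate before it is enqueued as system-event context. The config key names (`dmPolicy`, `allowFrom`, `users`) follow the advisory; `authorizeSender`, the event fields and all user/channel ids are constructed assumptions.

```javascript
// Added model of the advisory's fix, not OpenClaw source. Names other than
// the config keys dmPolicy / allowFrom / users are assumptions.

// Constructed policy: DMs only from U_OWNER; channel C_OPS limited to two users.
const policy = {
  dmPolicy: "allowlist",            // assumed values: "allowlist" | "open"
  allowFrom: ["U_OWNER"],
  channels: {
    C_OPS: { allow: true, users: ["U_OWNER", "U_OPS"] },
    C_PUBLIC: { allow: false },
  },
};

// Shared gate: one decision for message, reaction_* and pin_* events alike.
function authorizeSender(policy, ev) {
  if (ev.isDm) {
    if (policy.dmPolicy === "open") return true;
    return policy.allowFrom.includes(ev.user);          // DM allowFrom
  }
  const ch = policy.channels[ev.channel];
  if (!ch || !ch.allow) return false;                   // channel-level allow
  if (ch.users && !ch.users.includes(ev.user)) return false; // channel users allowlist
  return true;
}

// Pre-fix shape: only message events consulted the sender policy.
function enqueueBefore(policy, ev, queue) {
  if (ev.type === "message" && !authorizeSender(policy, ev)) return false;
  queue.push(ev);
  return true;
}

// Fixed shape: authorization runs before any system-event enqueue.
function enqueueAfter(policy, ev, queue) {
  if (!authorizeSender(policy, ev)) return false;
  queue.push(ev);
  return true;
}

// Constructed sample events covering DM and channel paths.
const events = [
  { type: "message", isDm: true, user: "U_OWNER" },
  { type: "reaction_added", isDm: true, user: "U_STRANGER" },
  { type: "pin_added", isDm: false, channel: "C_OPS", user: "U_GUEST" },
  { type: "reaction_added", isDm: false, channel: "C_OPS", user: "U_OPS" },
  { type: "pin_added", isDm: false, channel: "C_PUBLIC", user: "U_OWNER" },
];

// Runs the sample events through an ingress variant; returns what was enqueued.
function runIngress(enqueue) {
  const queue = [];
  for (const ev of events) enqueue(policy, ev, queue);
  return queue.map((e) => `${e.type}:${e.user}`);
}
```

`runIngress(enqueueBefore)` admits all five events, including the stranger's DM reaction and the guest's channel pin; `runIngress(enqueueAfter)` admits only the owner's message and U_OPS's reaction.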
### Fix Commit(s)
- `aedf62ac7e669a89c7b299201bf6537dc6b12e0e`
- `75dfb71e4e8b7c2feba5a8ca662f92ea840e0147`
### Impact
Low-severity policy-consistency issue in Slack non-message event ingress.
This may introduce unexpected reaction/pin context signals from senders outside configured policy.
### Release Process Note
`patched_versions` is pre-set to planned release `2026.2.25`. Advisory published with npm release `2026.2.25`.
OpenClaw thanks @tdjackey for reporting.
CVSS 4.0 (GHSA): 5.1
Vulnerability type: CWE-863 Incorrect Authorization
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026