Slack Bot Allows Unintended Users to Run Privileged Commands

CVE-2026-28392 · GHSA-v773-r54f-q32w
Summary

A vulnerability in OpenClaw Slack allows any user who can direct message the bot to run sensitive commands. This could happen if the bot's DMs are set to allow open access. To fix this, update your OpenClaw Slack version to 2026.2.14 or later.

What to do
  • Update steipete openclaw to version 2026.2.14.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.14 | 2026.2.14 |
| openclaw | openclaw | <= 2026.2.14 | – |
Original title
OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands
Original description
## Summary

When Slack DMs are configured with `dmPolicy=open`, the Slack slash-command handler incorrectly treated any DM sender as command-authorized. This allowed any Slack user who could DM the bot to execute privileged slash commands via DM, bypassing intended allowlist/access-group restrictions.

## Affected Packages / Versions

- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.13`
- Affected configuration: Slack DMs enabled with `channels.slack.dm.policy: open` (aka `dmPolicy=open`)

## Impact

Any Slack user in the workspace who can DM the bot could invoke privileged slash commands via DM.

## Fix

The slash-command path now computes `CommandAuthorized` for DMs using the same allowlist/access-group gating logic as other inbound paths.
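
To make the authorization flaw described above concrete, here is an added illustration (not OpenClaw's code; the `SlackConfig`, `InboundDm`, `commandAuthorizedVulnerable` and `commandAuthorizedFixed` names are hypothetical) that places the pre-fix logic, where `dmPolicy=open` short-circuited command authorization, beside the corrected logic that gates DM commands with the same allowlist/access-group check as other inbound paths.

```typescript
// Hypothetical model of the CVE-2026-28392 bug and its fix; not the project's code.
type DmPolicy = "open" | "allowlist";

interface SlackConfig {
  dmPolicy: DmPolicy;                      // channels.slack.dm.policy
  dmAllowlist: Set<string>;                // users allowed to DM the bot when policy is "allowlist"
  commandAllowlist: Set<string>;           // users allowed to run privileged slash commands
  accessGroups: Map<string, Set<string>>;  // group name -> member user IDs
  commandAccessGroups: Set<string>;        // groups whose members may run slash commands
}

interface InboundDm {
  userId: string;   // Slack user ID of the DM sender
  command: string;  // slash command text, e.g. "/restart"
}

// Shared gating logic used by the other inbound paths (channels, mentions).
function isInAllowlistOrGroup(userId: string, cfg: SlackConfig): boolean {
  if (cfg.commandAllowlist.has(userId)) return true;
  for (const group of cfg.commandAccessGroups) {
    if (cfg.accessGroups.get(group)?.has(userId)) return true;
  }
  return false;
}

// Pre-fix behaviour: being able to DM the bot was conflated with being
// authorized to run commands, so dmPolicy=open authorized every DM sender.
function commandAuthorizedVulnerable(dm: InboundDm, cfg: SlackConfig): boolean {
  if (cfg.dmPolicy === "open") return true;   // bug: any DM sender is treated as authorized
  return cfg.dmAllowlist.has(dm.userId);      // DM allowlist is not a command allowlist either
}

// Fixed behaviour: the DM policy only decides who may talk to the bot; command
// authorization is always derived from the allowlist/access-group gating.
function commandAuthorizedFixed(dm: InboundDm, cfg: SlackConfig): boolean {
  const mayDm = cfg.dmPolicy === "open" || cfg.dmAllowlist.has(dm.userId);
  if (!mayDm) return false;
  return isInAllowlistOrGroup(dm.userId, cfg);
}

// Dispatcher: runs the command only when the chosen authorizer approves.
function dispatchDm(
  dm: InboundDm,
  cfg: SlackConfig,
  authorize: (dm: InboundDm, cfg: SlackConfig) => boolean,
): "executed" | "denied" {
  return authorize(dm, cfg) ? "executed" : "denied";
}
```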

Fix commit(s):
- f19eabee54c49e9a2e264b4965edf28a2f92e657

## Release Process Note

`patched_versions` is set to the planned next release (`2026.2.14`). Once that npm release is published, this advisory should be published.

Thanks @christos-eth for reporting.
NVD CVSS 3.1: 7.5
NVD CVSS 4.0: 8.2
Vulnerability type
CWE-285 Improper Authorization
CWE-863 Incorrect Authorization
Published: 18 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026