7.3
Discord Voice Manager Allows Unauthorized Access
GHSA-cqgw-44wg-44rf
Summary
The Discord voice manager in OpenClaw does not properly control access to voice channels, allowing unauthorized members to join and participate in voice conversations. This could lead to sensitive information being shared or malicious users disrupting online meetings. To fix this, update OpenClaw to version 2026.3.31 or later.
What to do
- Update openclaw to version 2026.3.31.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.31 | 2026.3.31 |
Original title
OpenClaw: Discord voice manager bypasses channel-level member access allowlist
Original description
## Summary
Discord voice manager bypasses channel-level member access allowlist
## Current Maintainer Triage
- Normalized severity: medium
- Assessment: v2026.3.28 still accepts Discord voice ingress before channel allowlist authorization, and main-only gating means this remains a real shipped access-control bug.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`
## Fix Commit(s)
- `dba96e7507e0900f120e5e28e57755d69bf78759` — 2026-03-31T21:29:13+09:00
OpenClaw thanks @zsxsoft for reporting.
osv CVSS4.0
7.3
Vulnerability type
CWE-863
Incorrect Authorization
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026