Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
GHSA-792q-qw95-f446
Summary
### Summary
In a narrow Signal reaction-notification path, reaction-only inbound events could enqueue a status event before sender access checks were applied.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `<= 2026.2.24` (latest published at patch time)
- Fixed: `2026.2.25...
What to do
- Update openclaw to version 2026.2.25.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.24 | 2026.2.25 |
Original title
OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
Original description
### Summary
In a narrow Signal reaction-notification path, reaction-only inbound events could enqueue a status event before sender access checks were applied.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `<= 2026.2.24` (latest published at patch time)
- Fixed: `2026.2.25`
### Details
In the affected flow (`src/signal/monitor/event-handler.ts`), reaction-only handling could return after `enqueueSystemEvent(...)` before DM/group authorization checks were evaluated for that sender.
This behavior was limited to reaction-only inbound events with reaction notifications enabled. In that case, a sender not authorized for normal DM flow could still queue a Signal reaction status line for that session.
The fix applies shared DM/group access checks before reaction notification enqueue. Pairing behavior for normal DM messages is unchanged.
### Impact
- Limited to Signal reaction-only inbound events.
- Could add an unauthorized reaction status line to agent context for affected sessions.
- Did not directly enable normal DM delivery or direct host command execution.
### Fix Commit(s)
- `2aa7842adeedef423be7ce283a9144b9f1a0a669`
### Release Process Note
`patched_versions` is pre-set to `2026.2.25` so once npm release is out, advisory publish can proceed directly.
OpenClaw thanks @tdjackey for reporting.
In a narrow Signal reaction-notification path, reaction-only inbound events could enqueue a status event before sender access checks were applied.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `<= 2026.2.24` (latest published at patch time)
- Fixed: `2026.2.25`
### Details
In the affected flow (`src/signal/monitor/event-handler.ts`), reaction-only handling could return after `enqueueSystemEvent(...)` before DM/group authorization checks were evaluated for that sender.
This behavior was limited to reaction-only inbound events with reaction notifications enabled. In that case, a sender not authorized for normal DM flow could still queue a Signal reaction status line for that session.
The fix applies shared DM/group access checks before reaction notification enqueue. Pairing behavior for normal DM messages is unchanged.
### Impact
- Limited to Signal reaction-only inbound events.
- Could add an unauthorized reaction status line to agent context for affected sessions.
- Did not directly enable normal DM delivery or direct host command execution.
### Fix Commit(s)
- `2aa7842adeedef423be7ce283a9144b9f1a0a669`
### Release Process Note
`patched_versions` is pre-set to `2026.2.25` so once npm release is out, advisory publish can proceed directly.
OpenClaw thanks @tdjackey for reporting.
ghsa CVSS4.0
5.3
Vulnerability type
CWE-863
Incorrect Authorization
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026