Openclaw · Openclaw · CVE-2026-53815
**Name of the Vulnerable Software and Affected Versions**
OpenClaw versions prior to 2026.5.19
**Description**
An authorization bypass exists in message read actions: insufficient validation allows the system to skip channel allowlist checks. As a result, lower-trust callers can request, and potentially expose, sensitive messages from channels they are not authorized to access.
**Recommendations**
Update OpenClaw to version 2026.5.19.