PT-2026-22453 · Npm · Openclaw
Published 2026-02-18 · Updated 2026-02-18
CVSS v4.0: 8.2 (High)
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
Summary
When Slack DMs are configured with dmPolicy=open, the Slack slash-command handler incorrectly treated any DM sender as command-authorized. This allowed any Slack user who could DM the bot to execute privileged slash commands via DM, bypassing the intended allowlist/access-group restrictions.
Affected Packages / Versions
- Package: openclaw (npm)
- Affected versions: <= 2026.2.13
- Affected configuration: Slack DMs enabled with channels.slack.dm.policy: open (aka dmPolicy=open)
Impact
Any Slack user in the workspace who can DM the bot could invoke privileged slash commands via DM, without being on the command allowlist or in a permitted access group. Deployments that do not enable Slack DMs, or that run with a DM policy other than open, are not in the affected configuration.
Fix
The slash-command path now computes CommandAuthorized for DMs using the same allowlist/access-group gating logic as the other inbound paths.
Fix commit(s):
- f19eabee54c49e9a2e264b4965edf28a2f92e657
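As an added illustration of the flaw in the Summary and of the fix above, the following JavaScript models the two handler shapes side by side. This is example code written for this page, not openclaw's own source: the configuration keys (dmPolicy, dmAllowFrom, commandAllowlist, accessGroups, commandAccessGroups), the user IDs, the command names and the function names are all assumptions. Only the behaviour follows the advisory: an open DM policy short-circuiting the command-authorization check, versus command authorization always coming from the shared allowlist/access-group gating.

```javascript
// Added example (not openclaw's code): a reduced model of the DM slash-command
// authorization flaw described in this advisory and of the fix it describes.
// Every name here (dmPolicy, dmAllowFrom, commandAllowlist, accessGroups,
// commandAccessGroups, the handler functions) is an assumption for illustration,
// not an identifier taken from the project.

// Constructed configuration: DMs open to the whole workspace, privileged
// commands meant only for one allowlisted user plus members of one access group.
const sampleConfig = {
  dmPolicy: "open",                          // channels.slack.dm.policy: open
  dmAllowFrom: [],                           // only consulted when dmPolicy is "allowlist"
  commandAllowlist: ["U_ADMIN"],             // user IDs allowed to run privileged commands
  accessGroups: { ops: ["U_OPS1", "U_OPS2"] },
  commandAccessGroups: ["ops"],              // groups whose members may run privileged commands
};

const PRIVILEGED_COMMANDS = new Set(["restart", "config"]); // constructed command names

// Shared gating used by every inbound path (channel messages, mentions):
// a sender is command-authorized only via the allowlist or a permitted group.
function isCommandAuthorized(userId, cfg) {
  if (cfg.commandAllowlist.includes(userId)) return true;
  return cfg.commandAccessGroups.some(
    (group) => (cfg.accessGroups[group] || []).includes(userId),
  );
}

// The DM policy answers a different question: may this user DM the bot at all?
function isDmAccepted(userId, cfg) {
  switch (cfg.dmPolicy) {
    case "open":
      return true;
    case "allowlist":
      return cfg.dmAllowFrom.includes(userId);
    default:
      return false; // "disabled" or unknown policy: reject the DM
  }
}

// Common tail: a privileged command runs only when the sender is authorized.
function dispatch(event, commandAuthorized) {
  const name = event.command.replace(/^\//, "");
  if (PRIVILEGED_COMMANDS.has(name) && !commandAuthorized) {
    return { handled: false, reason: "not-authorized", command: name };
  }
  return { handled: true, command: name, commandAuthorized };
}

// Vulnerable shape (the pre-fix behaviour the advisory describes): in a DM under
// dmPolicy=open the sender is treated as command-authorized merely for being
// allowed to DM, so the allowlist/access-group check never runs.
function handleSlashCommandVulnerable(event, cfg) {
  const isDm = event.channelType === "im";
  if (isDm && !isDmAccepted(event.user, cfg)) {
    return { handled: false, reason: "dm-rejected" };
  }
  const commandAuthorized =
    isDm && cfg.dmPolicy === "open" ? true : isCommandAuthorized(event.user, cfg);
  return dispatch(event, commandAuthorized);
}

// Fixed shape: DM acceptance and command authorization are decided separately,
// and commandAuthorized always comes from the same gating as other inbound paths.
function handleSlashCommandFixed(event, cfg) {
  const isDm = event.channelType === "im";
  if (isDm && !isDmAccepted(event.user, cfg)) {
    return { handled: false, reason: "dm-rejected" };
  }
  return dispatch(event, isCommandAuthorized(event.user, cfg));
}

// Constructed events: an ordinary workspace member and the allowlisted admin,
// both sending a privileged command in a DM ("im" channel).
const strangerDm = { channelType: "im", user: "U_STRANGER", command: "/restart" };
const adminDm = { channelType: "im", user: "U_ADMIN", command: "/restart" };

console.log("vulnerable, stranger:", handleSlashCommandVulnerable(strangerDm, sampleConfig));
console.log("fixed, stranger:     ", handleSlashCommandFixed(strangerDm, sampleConfig));
console.log("fixed, admin:        ", handleSlashCommandFixed(adminDm, sampleConfig));
```

The point of the split is that the DM policy and the command allowlist govern two different decisions. In the vulnerable shape they are conflated, so setting the policy to open silently widens who may run privileged commands; in the fixed shape a permissive DM policy only widens who may talk to the bot, while privileged commands still require the allowlist or group membership that every other inbound path already demands.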
Release Process Note
The patched version is set to the planned next release (2026.2.14). Once that npm release is published, this advisory should be published.
Thanks @christos-eth for reporting.
Weakness
Improper Authorization
Incorrect Authorization
Affected Products
Openclaw