PT-2026-26416 · Openclaw · Openclaw

Tdjackey · Published 2026-03-03 · Updated 2026-03-20

CVE-2026-32035 · CVSS v3.1 7.1 (High) · Vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.2
Description OpenClaw fails to pass the senderIsOwner flag when Discord voice transcripts are routed through the agentCommand function. Because the parameter is omitted on that ingress path, agentCommand falls back to its default of true and treats every voice speaker as the owner. In mixed-trust channels, a non-owner voice participant can therefore reach owner-only tools such as the gateway and cron functionality. The issue is reachable in deployments where Discord voice is enabled and the bot operates in channels with untrusted users; the impact depends on the deployment's trust model, and single-trust deployments are less exposed.
Recommendations Update OpenClaw versions prior to 2026.3.2 to version 2026.3.2 or later. Always pass an explicit senderIsOwner value from the Discord voice transcript ingress, fail closed (senderIsOwner = false) whenever owner status is unknown on non-local or chat ingress paths, and keep regression tests that cover both owner and non-owner voice speakers.
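As an added illustration of the bug class this advisory describes, the following TypeScript shows the vulnerable defaulting flag beside the fail-closed form the Recommendations call for, together with a regression check of the kind they ask for. This is not OpenClaw's code: the signatures of agentCommand and handleVoiceTranscript, the OWNER_ONLY_TOOLS set, resolveSenderIsOwner, the tool-parsing convention and the speaker identifiers are all assumptions chosen to mirror the advisory's wording.

```typescript
// Added illustration of CVE-2026-32035's shape; not OpenClaw's own code.
// Every name below is an assumption, and the "first word names the tool"
// convention used by parseTool is constructed for the example.

const OWNER_ONLY_TOOLS: ReadonlySet<string> = new Set(["gateway", "cron"]);

interface CommandResult {
  sender: string;
  tool: string;
  allowed: boolean;
  reason: string;
}

// Constructed convention: the first word of the transcript names the tool.
function parseTool(transcript: string): string {
  const first = transcript.trim().split(/\s+/)[0];
  return (first ?? "").toLowerCase();
}

// The authorization gate itself is identical in both versions; the whole bug
// lives in what the caller is allowed to leave unspecified.
function checkToolAccess(sender: string, tool: string, senderIsOwner: boolean): CommandResult {
  if (OWNER_ONLY_TOOLS.has(tool) && !senderIsOwner) {
    return { sender, tool, allowed: false, reason: "owner-only tool, sender is not owner" };
  }
  return { sender, tool, allowed: true, reason: senderIsOwner ? "owner" : "public tool" };
}

// Vulnerable shape: the flag defaults to true, so any ingress path that
// forgets to pass it silently runs as the owner.
function agentCommandVulnerable(sender: string, tool: string, senderIsOwner: boolean = true): CommandResult {
  return checkToolAccess(sender, tool, senderIsOwner);
}

// Vulnerable voice ingress: senderIsOwner is never passed, so the default applies.
function handleVoiceTranscriptVulnerable(speakerId: string, transcript: string): CommandResult {
  return agentCommandVulnerable(speakerId, parseTool(transcript));
}

// Hardened shape: no default, so the type checker forces every ingress path
// to make an explicit decision.
function agentCommand(sender: string, tool: string, senderIsOwner: boolean): CommandResult {
  return checkToolAccess(sender, tool, senderIsOwner);
}

// Fail closed: when the ingress cannot establish who the owners are, the
// speaker is treated as a non-owner instead of being assumed to be one.
function resolveSenderIsOwner(speakerId: string, ownerIds: ReadonlySet<string> | undefined): boolean {
  if (ownerIds === undefined) {
    return false;
  }
  return ownerIds.has(speakerId);
}

// Hardened voice ingress: owner status is resolved explicitly on every call.
function handleVoiceTranscript(
  speakerId: string,
  transcript: string,
  ownerIds: ReadonlySet<string> | undefined,
): CommandResult {
  return agentCommand(speakerId, parseTool(transcript), resolveSenderIsOwner(speakerId, ownerIds));
}

// Regression check of the kind the advisory recommends: an owner speaker, a
// non-owner speaker, and the unknown-owner case, each requesting an
// owner-only tool (speaker ids and transcripts are constructed sample input).
function voiceOwnerRegression(): {
  vulnerableLeaks: boolean;
  hardenedBlocksNonOwner: boolean;
  hardenedAllowsOwner: boolean;
  hardenedFailsClosed: boolean;
} {
  const owners: ReadonlySet<string> = new Set(["owner-1"]);
  return {
    vulnerableLeaks: handleVoiceTranscriptVulnerable("guest-42", "cron list").allowed,
    hardenedBlocksNonOwner: !handleVoiceTranscript("guest-42", "cron list", owners).allowed,
    hardenedAllowsOwner: handleVoiceTranscript("owner-1", "cron list", owners).allowed,
    hardenedFailsClosed: !handleVoiceTranscript("guest-42", "gateway status", undefined).allowed,
  };
}
```

The point of splitting checkToolAccess out is that the gate logic was never wrong; removing the default on the hardened agentCommand turns the omitted argument into a compile error, which is the cheapest way to make sure no other ingress path repeats the mistake. Public tools remain reachable for non-owners in both versions, so the hardening does not change behaviour for ordinary voice requests.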

Fix

Weakness Enumeration

Incorrect Authorization (CWE-863)

Improper Privilege Management (CWE-269)

Related Identifiers

CVE-2026-32035
GHSA-WPG9-4G4V-F9RC

Affected Products

Openclaw