CVE-2026-32923

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11

Description The software contains an authorization bypass issue in how Discord guild reactions are processed. Specifically, the system does not properly verify if a user or role is on an allowlist, allowing unauthorized users to trigger reaction events. These events are then incorrectly treated as trusted system events, potentially allowing injection of reaction text into session context.

Recommendations Update to version 2026.3.11 or later.