CVE-2026-32975

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.12

Description The software contains a weak authorization issue in Zalouser allowlist mode. The system incorrectly matches mutable group display names instead of stable group identifiers. This allows attackers to bypass channel authorization by creating groups with identical names to allowlisted groups, enabling them to route messages to unintended groups through the agent.

Recommendations Update OpenClaw to version 2026.3.12 or later.