PT-2026-33870 · Openclaw · Openclaw

Tdjackey · Published 2026-03-31 · Updated 2026-04-21 · CVE-2026-41303

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.3.28

Description

An authorization bypass exists in Discord text approval commands, specifically affecting the '/approve' command. This issue allows users who are permitted to send commands but are not included in the channels.discord.execApprovals.approvers allowlist to resolve pending host execution requests. The flaw is located within the extensions/discord/src/exec-approvals.ts and src/auto-reply/reply/commands-approve.ts components.

Recommendations

Update to version 2026.3.28.
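
The authorization gap described above, modeled as an added TypeScript sketch. It is not OpenClaw's code and not part of the original advisory: only the config path channels.discord.execApprovals.approvers comes from this page, while the commands.allowFrom key, the function names and all IDs are assumptions made for illustration.

```typescript
// Added illustration: a simplified model, not OpenClaw source code.
// Only the config path channels.discord.execApprovals.approvers comes from
// the advisory; every other name and all IDs below are constructed.
type State = "pending" | "approved";
type Pending = Map<string, State>;
type Result = { ok: boolean; reason: string };
type Config = {
  commands: { allowFrom: string[] }; // hypothetical: who may send commands
  channels: { discord: { execApprovals: { approvers?: string[] } } };
};

const config: Config = {
  commands: { allowFrom: ["1001", "1002"] },
  channels: { discord: { execApprovals: { approvers: ["1001"] } } },
};

const canSendCommands = (cfg: Config, userId: string): boolean =>
  cfg.commands.allowFrom.includes(userId);

// An empty or missing allowlist authorizes nobody (fail closed).
const isApprover = (cfg: Config, userId: string): boolean =>
  (cfg.channels.discord.execApprovals.approvers ?? []).includes(userId);

// Flawed pattern: the text command path reuses only the generic command gate.
function approveCommandGateOnly(cfg: Config, pending: Pending, userId: string, id: string): Result {
  if (!canSendCommands(cfg, userId)) return { ok: false, reason: "not a command sender" };
  if (pending.get(id) !== "pending") return { ok: false, reason: "unknown or resolved request" };
  pending.set(id, "approved");
  return { ok: true, reason: "approved" };
}

// Corrected pattern: resolving a request also requires approver membership.
function approveWithApproverCheck(cfg: Config, pending: Pending, userId: string, id: string): Result {
  if (!canSendCommands(cfg, userId)) return { ok: false, reason: "not a command sender" };
  if (!isApprover(cfg, userId)) return { ok: false, reason: "not in approvers allowlist" };
  if (pending.get(id) !== "pending") return { ok: false, reason: "unknown or resolved request" };
  pending.set(id, "approved");
  return { ok: true, reason: "approved" };
}

// Constructed scenario: user 1002 may send commands but is not an approver.
function demo(): { flawed: Result; fixed: Result; approver: Result } {
  const fresh = (): Pending => new Map<string, State>([["req-1", "pending"]]);
  const flawed = approveCommandGateOnly(config, fresh(), "1002", "req-1");
  const fixedPending = fresh();
  const fixed = approveWithApproverCheck(config, fixedPending, "1002", "req-1");
  const approver = approveWithApproverCheck(config, fixedPending, "1001", "req-1");
  return { flawed, fixed, approver };
}
```

A regression test for this class of bug should exercise every entry point that can resolve a request (text command and any interactive path) with a user who passes the command gate but is absent from the approvers list.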

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-41303
GHSA-98HH-7GHG-X6RQ

Affected Products

Openclaw