PT-2026-34789 · Openclaw · Openclaw
Antaisecuritylab · Published 2026-04-23 · Updated 2026-05-07
CVE-2026-41358
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.4.2
Description
OpenClaw does not filter Slack thread context against its sender allowlist, so messages from non-allowlisted senders can enter the agent context. When an allowlisted user replies in a thread, the thread messages are passed to the model together with that reply, including messages written by users who are not on the allowlist. A non-allowlisted user can therefore get their thread messages into the model context and influence it, bypassing the sender access control.
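The pattern the advisory describes, shown as an added illustration rather than OpenClaw's own code: the vulnerable form checks only the triggering reply and then attaches the whole thread, while the hardened form also filters every thread message by sender. The message shape (user id plus text), the function names and the sample thread are assumptions constructed for this example.

```python
# Added example, not OpenClaw's code. Demonstrates why a sender allowlist must be
# applied to each Slack thread message, not only to the reply that triggers the agent.
from typing import Iterable

# Constructed sample thread: U_ALLOWED is allowlisted, U_OUTSIDER is not.
SAMPLE_THREAD = [
    {"user": "U_OUTSIDER", "ts": "1.0", "text": "reply from a non-allowlisted user"},
    {"user": "U_ALLOWED", "ts": "1.1", "text": "summarise this thread please"},
    {"user": "U_OUTSIDER", "ts": "1.2", "text": "second non-allowlisted reply"},
]
ALLOWLIST = {"U_ALLOWED"}


def is_allowlisted(msg: dict, allowlist: set[str]) -> bool:
    """Sender check: the Slack user id must be on the allowlist."""
    return msg.get("user") in allowlist


def build_context_unfiltered(trigger: dict, thread: Iterable[dict],
                             allowlist: set[str]) -> list[str]:
    """Vulnerable pattern: only the triggering reply is checked; the whole
    thread is then attached as model context, outsider messages included."""
    if not is_allowlisted(trigger, allowlist):
        return []
    return [f"{m['user']}: {m['text']}" for m in thread]


def build_context_filtered(trigger: dict, thread: Iterable[dict],
                           allowlist: set[str]) -> list[str]:
    """Hardened pattern: the trigger must be allowlisted AND every thread
    message is filtered by sender before it can reach the model context."""
    if not is_allowlisted(trigger, allowlist):
        return []
    return [f"{m['user']}: {m['text']}"
            for m in thread if is_allowlisted(m, allowlist)]


def dropped_senders(thread: Iterable[dict], allowlist: set[str]) -> set[str]:
    """Audit helper: non-allowlisted senders present in the thread, so a
    filtered-context event can be logged for review."""
    return {m["user"] for m in thread if not is_allowlisted(m, allowlist)}


if __name__ == "__main__":
    trigger = SAMPLE_THREAD[1]
    print("unfiltered:", build_context_unfiltered(trigger, SAMPLE_THREAD, ALLOWLIST))
    print("filtered:  ", build_context_filtered(trigger, SAMPLE_THREAD, ALLOWLIST))
    print("dropped:   ", dropped_senders(SAMPLE_THREAD, ALLOWLIST))
```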
Recommendations
Update to version 2026.4.2.
Fix
Origin Validation Error
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw