PT-2026-44892 · Slack · Openclaw

Dikai Zou

·

Published

2026-05-29

·

Updated

2026-07-02

·

CVE-2026-32906

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12
Description A privilege escalation issue exists in Slack plugin approvals. This allows users with exec-authorized permissions to resolve plugin approvals via the exec approver gate, enabling them to bypass intended approval splits and approve plugin actions that fall outside the operator configuration.
Recommendations Update to version 2026.5.12.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-32906
GHSA-WV26-J37Q-2G7P

Affected Products

Openclaw