PT-2026-44892 · Slack · Openclaw
Dikai Zou
·
Published
2026-05-29
·
Updated
2026-07-02
·
CVE-2026-32906
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.5.12
Description
A privilege escalation issue exists in Slack plugin approvals. This allows users with exec-authorized permissions to resolve plugin approvals via the exec approver gate, enabling them to bypass intended approval splits and approve plugin actions that fall outside the operator configuration.
Recommendations
Update to version 2026.5.12.
Exploit
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw