CVE-2026-28392 in OpenClaw

Summary

by MITRE • 03/06/2026

OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open (must be configured). Attackers can execute privileged slash commands via direct message to bypass allowlist and access-group restrictions.


Analysis

by VulDB Data Team • 03/11/2026

CVE-2026-28392 affects OpenClaw versions prior to 2026.2.14 and is a privilege escalation flaw in the Slack slash-command handler. The flaw sits in the authorization logic applied to slash commands that arrive through direct messages. When the dmPolicy configuration parameter is set to "open" (a setting that must be explicitly configured), the handler treats any direct-message sender as authorized, so privileged commands can be executed by workspace users who are neither on the allowlist nor in the required access group. Slack still authenticates the sender; what is missing is the authorization decision, which is why the issue is classified as CWE-284 (Improper Access Control) and amounts to a failure of least privilege in the handler's design.

Technically, the weakness is that the open DM policy is applied as a blanket authorization rather than as a reachability setting. An open dmPolicy should mean only that the bot accepts direct messages from any workspace member; instead, the handler skips the allowlist and access-group checks for commands that arrive by DM. An attacker therefore needs no crafted payload: sending an ordinary privileged slash command to the bot in a direct message is enough to bypass the restrictions that would be enforced on the same command issued in a channel.
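The following is an added illustration of the authorization gap described above, written for this page; it is not OpenClaw's code, and the type names, function names, user IDs and command names are hypothetical. The only Slack facts it relies on are that a slash-command payload carries user_id and channel_name, and that channel_name is "directmessage" when the command was sent in a DM. The vulnerable shape short-circuits on an open DM policy; the hardened shape lets dmPolicy decide only whether the bot answers the sender at all, and decides privilege separately.

```typescript
// Added illustration; not OpenClaw's code. All names are hypothetical.

type DmPolicy = "open" | "allowlist" | "disabled";

interface SlashConfig {
  dmPolicy: DmPolicy;
  allowlist: string[];                     // users allowed to talk to the bot
  accessGroups: Record<string, string[]>;  // group name -> member user IDs
}

interface SlashCommand {
  name: string;
  requiredGroup?: string;  // absent => unprivileged command
}

interface SlashPayload {
  user_id: string;
  channel_name: string;    // "directmessage" when sent in a DM to the bot
  command: string;
}

function isDm(p: SlashPayload): boolean {
  return p.channel_name === "directmessage";
}

function inGroup(cfg: SlashConfig, group: string, user: string): boolean {
  return (cfg.accessGroups[group] ?? []).includes(user);
}

// Vulnerable shape: an open DM policy is applied as a blanket authorization, so a
// privileged command that arrives by DM never reaches the allowlist/group checks.
function authorizeVulnerable(cfg: SlashConfig, cmd: SlashCommand, p: SlashPayload): boolean {
  if (isDm(p)) {
    if (cfg.dmPolicy === "disabled") return false;
    if (cfg.dmPolicy === "open") return true;  // BUG: "anyone may DM" became "anyone may do anything"
  }
  if (!cfg.allowlist.includes(p.user_id)) return false;
  return cmd.requiredGroup === undefined || inGroup(cfg, cmd.requiredGroup, p.user_id);
}

// Hardened shape: dmPolicy decides only whether the bot responds to this sender in
// a DM at all. Privilege is decided separately and is never short-circuited.
function authorizeFixed(cfg: SlashConfig, cmd: SlashCommand, p: SlashPayload): boolean {
  const onAllowlist = cfg.allowlist.includes(p.user_id);
  if (isDm(p)) {
    if (cfg.dmPolicy === "disabled") return false;
    if (cfg.dmPolicy === "allowlist" && !onAllowlist) return false;
    // "open": any workspace member may reach the bot by DM, and nothing more
  } else if (!onAllowlist) {
    return false;
  }
  if (cmd.requiredGroup === undefined) return true;
  // Privileged commands need allowlist AND group membership however they arrive.
  return onAllowlist && inGroup(cfg, cmd.requiredGroup, p.user_id);
}

// Constructed sample data (hypothetical IDs and command names).
const SAMPLE_CONFIG: SlashConfig = {
  dmPolicy: "open",
  allowlist: ["U01ADMIN", "U02OPS"],
  accessGroups: { admins: ["U01ADMIN"] },
};
const RESTART: SlashCommand = { name: "/claw-restart", requiredGroup: "admins" };
const STATUS: SlashCommand = { name: "/claw-status" };
const OUTSIDER_DM: SlashPayload = { user_id: "U99GUEST", channel_name: "directmessage", command: "/claw-restart" };
const OUTSIDER_CHANNEL: SlashPayload = { ...OUTSIDER_DM, channel_name: "general" };
const ADMIN_DM: SlashPayload = { ...OUTSIDER_DM, user_id: "U01ADMIN" };

// Returns the decisions so they can be inspected; also prints them when run directly.
function demo(): Record<string, boolean> {
  const r = {
    vulnerable_outsider_dm: authorizeVulnerable(SAMPLE_CONFIG, RESTART, OUTSIDER_DM),      // true: the bug
    vulnerable_outsider_channel: authorizeVulnerable(SAMPLE_CONFIG, RESTART, OUTSIDER_CHANNEL), // false: channel path still checks
    fixed_outsider_dm: authorizeFixed(SAMPLE_CONFIG, RESTART, OUTSIDER_DM),                // false
    fixed_outsider_status_dm: authorizeFixed(SAMPLE_CONFIG, STATUS, OUTSIDER_DM),          // true: unprivileged, open DM
    fixed_admin_dm: authorizeFixed(SAMPLE_CONFIG, RESTART, ADMIN_DM),                      // true
  };
  console.log(r);
  return r;
}
demo();
```

The contrast worth noting is that the vulnerable authorizer denies the same outsider in a channel: the bypass exists only on the DM path, which is why the setting looked harmless in channel-based testing.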

The impact is bounded by what the privileged slash commands expose; potentially this includes data exfiltration, configuration or system modification, and manipulation of user access, up to full control of the OpenClaw deployment through the Slack interface. The prerequisites are low: an attacker needs only a member account in a Slack workspace where the bot is installed with dmPolicy set to open, and no tooling beyond the Slack client. VulDB maps the issue to ATT&CK technique T1078.004 (Valid Accounts: Cloud Accounts), reflecting that the attack is carried out with a legitimate, authenticated Slack identity rather than through credential theft or a memory-safety bug. The EPSS score of 0.00046 and the absence of a KEV listing indicate that, at the time of writing, there is no evidence of exploitation in the wild.

The fix is to upgrade to OpenClaw 2026.2.14 or later, which validates direct-message senders against the allowlist and access groups before executing privileged commands. Where an upgrade cannot be applied immediately, set dmPolicy to a value other than open; this closes the vulnerable path at the cost of rejecting direct messages from users outside the allowlist. Administrators should treat open as an exception that needs a documented justification, since it widens the set of people who can interact with the bot to every member of the workspace. After patching, review whatever record the bot keeps of slash-command invocations for privileged commands issued in direct messages by users outside the configured allowlist or access groups during the exposure window; such entries indicate exploitation and may point to persistence or reconnaissance the attacker performed through the bot. Network-level restrictions on the bot's endpoint do not mitigate this flaw: the request legitimately originates from Slack on behalf of an authenticated workspace member, so the control has to live in the handler's authorization logic.
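As an added example of the post-patch review suggested above (not OpenClaw tooling), the following triage script flags the signature of exploitation: a privileged command that succeeded via direct message for a sender who would not have passed the allowlist and access-group checks. The audit-log format is constructed for this illustration (one JSON object per line), and the field names, user IDs and command names are hypothetical; substitute the bot's real log format and configuration.

```typescript
// Added detection example; not OpenClaw's code. Log format and names are hypothetical.

interface SlashAuditEvent {
  ts: string;           // ISO-8601 timestamp
  user_id: string;      // Slack user who issued the command
  channel_type: string; // "im" for a direct message, "channel" otherwise
  command: string;
  outcome: "ok" | "denied";
}

interface Finding {
  event: SlashAuditEvent;
  reason: string;
}

// Hypothetical privileged command set (command -> required group) and bot configuration.
const PRIVILEGED_COMMANDS: Record<string, string> = {
  "/claw-restart": "admins",
  "/claw-config": "admins",
};
const ALLOWLIST = new Set(["U01ADMIN", "U02OPS"]);
const ACCESS_GROUPS: Record<string, Set<string>> = { admins: new Set(["U01ADMIN"]) };

// Constructed sample: a benign admin action by DM, an exploitation via DM, a harmless
// unprivileged DM, a denied channel attempt, and one malformed line.
const SAMPLE_LOG = `
{"ts":"2026-03-02T09:14:02Z","user_id":"U01ADMIN","channel_type":"im","command":"/claw-restart","outcome":"ok"}
{"ts":"2026-03-02T11:40:17Z","user_id":"U99GUEST","channel_type":"im","command":"/claw-config","outcome":"ok"}
{"ts":"2026-03-02T11:41:03Z","user_id":"U99GUEST","channel_type":"im","command":"/claw-status","outcome":"ok"}
{"ts":"2026-03-02T12:05:44Z","user_id":"U99GUEST","channel_type":"channel","command":"/claw-restart","outcome":"denied"}
this line is not json
`;

// Parses one JSON event per line, skipping blank and malformed lines so a single
// bad record does not abort the whole review.
function parseAuditLog(text: string): SlashAuditEvent[] {
  const events: SlashAuditEvent[] = [];
  for (const line of text.split("\n")) {
    const trimmed = line.trim();
    if (!trimmed) continue;
    try {
      events.push(JSON.parse(trimmed) as SlashAuditEvent);
    } catch (_err) {
      // malformed line: skipped
    }
  }
  return events;
}

// A privileged command that succeeded in a DM for someone outside both the allowlist
// and the required group could only have passed through the vulnerable path.
function findSuspectedExploitation(events: SlashAuditEvent[]): Finding[] {
  const findings: Finding[] = [];
  for (const e of events) {
    const group = PRIVILEGED_COMMANDS[e.command];
    if (group === undefined || e.outcome !== "ok" || e.channel_type !== "im") continue;
    const members = ACCESS_GROUPS[group] ?? new Set<string>();
    const legitimate = ALLOWLIST.has(e.user_id) && members.has(e.user_id);
    if (!legitimate) {
      findings.push({
        event: e,
        reason: `privileged ${e.command} succeeded via DM for ${e.user_id}, who is outside the allowlist or the ${group} group`,
      });
    }
  }
  return findings;
}

function triage(): Finding[] {
  const findings = findSuspectedExploitation(parseAuditLog(SAMPLE_LOG));
  for (const f of findings) console.log(`${f.event.ts} ${f.reason}`);
  return findings;
}
triage();
```

Only the /claw-config event is reported: the admin's DM is legitimate, the outsider's /claw-status is unprivileged, and the channel attempt was already denied by the unaffected path.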

Responsible: VulnCheck

Reservation: 02/27/2026

Disclosure: 03/06/2026

Moderation: accepted

CPE: ready

EPSS: 0.00046

KEV: no

Activities: very low
