CVE-2026-32028 in OpenClaw
Summary
by MITRE • 03/20/2026
OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM messages to bypass DM authorization restrictions and trigger downstream automation or tool policies.
Analysis
by VulDB Data Team • 03/26/2026
CVE-2026-32028 affects OpenClaw versions before 2026.2.25 and is an authorization-enforcement flaw in the Discord channel integration. OpenClaw gates direct-message traffic with two settings: dmPolicy, which controls which direct messages the bot accepts, and allowFrom, the list of sender identities permitted under that policy. Before the fix, both checks were applied to inbound DM messages but not to DM reaction notifications, so a reaction on a bot-authored DM reached the system-event queue without the reacting user ever being authorized.
The result is an inconsistency between two entry points that lead to the same place. A DM message from a user not permitted by dmPolicy/allowFrom is rejected; a reaction from the same user on a message the bot sent is not, and is enqueued as a reaction-derived system event. Nothing about this path requires a compromised account or a weakness in Discord itself: the attacker needs only a Discord account that has a bot-authored DM to react to. This is the classic shape of an authorization bypass through an unchecked sibling pathway, and the correct fix is to route every DM-derived event, whatever its type, through the same authorization gate before it is enqueued.
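The following is an added example, not OpenClaw's own code: a minimal TypeScript model of the DM event router described above, with the vulnerable shape (the dmPolicy/allowFrom gate applied to messages only) beside the fixed shape (one gate for every DM-derived event). The config field names dmPolicy and allowFrom follow the advisory; the policy values, event shapes, queue and sample traffic are assumptions constructed for illustration.

```typescript
// Added example, not OpenClaw's code. dmPolicy/allowFrom come from the advisory;
// the policy values, event shapes, queue and sample events are assumptions.

type DmPolicy = "open" | "allowlist" | "disabled";

interface DiscordConfig {
  dmPolicy: DmPolicy;
  allowFrom: string[]; // Discord user IDs permitted to interact over DM
}

interface DmMessageEvent {
  kind: "message";
  channelType: "dm" | "guild";
  authorId: string;
  content: string;
}

interface DmReactionEvent {
  kind: "reaction";
  channelType: "dm" | "guild";
  reactorId: string;
  emoji: string;
  messageAuthorIsBot: boolean; // the reaction landed on a message the bot sent
}

type DiscordEvent = DmMessageEvent | DmReactionEvent;

// What gets handed to downstream automation / tool policies.
interface SystemEvent {
  source: "dm-message" | "dm-reaction";
  actorId: string;
  payload: string;
}

// The single authorization decision that every DM path should share.
function isDmSenderAuthorized(cfg: DiscordConfig, userId: string): boolean {
  if (cfg.dmPolicy === "disabled") return false;
  if (cfg.dmPolicy === "open") return true;
  return cfg.allowFrom.includes(userId); // "allowlist"
}

// Vulnerable router: only the message path consults dmPolicy/allowFrom.
// Returns true when an event was enqueued.
function routeVulnerable(cfg: DiscordConfig, ev: DiscordEvent, queue: SystemEvent[]): boolean {
  if (ev.channelType !== "dm") return false; // guild traffic is out of scope here
  if (ev.kind === "message") {
    if (!isDmSenderAuthorized(cfg, ev.authorId)) return false;
    queue.push({ source: "dm-message", actorId: ev.authorId, payload: ev.content });
    return true;
  }
  // BUG: a reaction on a bot-authored DM is enqueued with no authorization check.
  if (!ev.messageAuthorIsBot) return false;
  queue.push({ source: "dm-reaction", actorId: ev.reactorId, payload: ev.emoji });
  return true;
}

// Fixed router: the actor behind any DM-derived event is checked before enqueue.
function routeFixed(cfg: DiscordConfig, ev: DiscordEvent, queue: SystemEvent[]): boolean {
  if (ev.channelType !== "dm") return false;
  const actorId = ev.kind === "message" ? ev.authorId : ev.reactorId;
  if (!isDmSenderAuthorized(cfg, actorId)) return false;
  if (ev.kind === "message") {
    queue.push({ source: "dm-message", actorId, payload: ev.content });
    return true;
  }
  if (!ev.messageAuthorIsBot) return false;
  queue.push({ source: "dm-reaction", actorId, payload: ev.emoji });
  return true;
}

// Constructed traffic: "111" is allowlisted, "999" is not.
const SAMPLE_CONFIG: DiscordConfig = { dmPolicy: "allowlist", allowFrom: ["111"] };
const SAMPLE_EVENTS: DiscordEvent[] = [
  { kind: "message", channelType: "dm", authorId: "111", content: "status?" },
  { kind: "message", channelType: "dm", authorId: "999", content: "run it" },
  { kind: "reaction", channelType: "dm", reactorId: "999", emoji: "✅", messageAuthorIsBot: true },
  { kind: "reaction", channelType: "dm", reactorId: "111", emoji: "👍", messageAuthorIsBot: true },
  { kind: "reaction", channelType: "guild", reactorId: "999", emoji: "✅", messageAuthorIsBot: true },
];

function replay(router: (cfg: DiscordConfig, ev: DiscordEvent, q: SystemEvent[]) => boolean): SystemEvent[] {
  const queue: SystemEvent[] = [];
  for (const ev of SAMPLE_EVENTS) router(SAMPLE_CONFIG, ev, queue);
  return queue;
}

// Replays the same traffic through both routers so the difference is visible.
function demo(): { vulnerable: SystemEvent[]; fixed: SystemEvent[] } {
  return { vulnerable: replay(routeVulnerable), fixed: replay(routeFixed) };
}

const result = demo();
console.log("vulnerable queue:", result.vulnerable.map((e) => `${e.source}:${e.actorId}`).join(", "));
console.log("fixed queue:     ", result.fixed.map((e) => `${e.source}:${e.actorId}`).join(", "));
```

With the constructed traffic, the vulnerable router enqueues three events, including the reaction from the non-allowlisted user "999"; the fixed router enqueues only the two events from "111". The design point is that the actor identity is resolved once and passed through one gate, so adding a third interaction type later cannot silently skip the check.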
The impact goes beyond an unauthorized event in a queue, because reaction-derived system events are inputs to downstream automation and tool policies. A non-allowlisted user who can enqueue them can trigger whatever those policies do in response to a reaction, which is exactly what the dmPolicy and allowFrom settings were meant to prevent. How serious that is depends on what a deployment binds to reaction events: in the worst case, an automation that runs tools or changes state when a reaction arrives becomes reachable by anyone able to react to a bot-authored DM.
The weakness is CWE-284 (Improper Access Control): an authorization check exists but is not applied on every path into the same sink. The ATT&CK mapping given here, T1078.004 (Valid Accounts: Cloud Accounts), is loose, since no credentials are stolen or abused; the attacker uses their own Discord account and the gap is in OpenClaw's enforcement. The practical risk is not lateral movement in the usual sense but unauthorized use of whatever automation is keyed off reaction events, with privilege escalation possible only to the extent those automations hold privileges the reacting user does not.
The mitigation is to upgrade to OpenClaw 2026.2.25 or later, which applies the dmPolicy and allowFrom checks to direct-message reaction notifications. Until the upgrade is in place, treat reaction-triggered automation as reachable by non-allowlisted users: review which tool policies or workflows are bound to reaction events and disable or tighten the ones that matter. After upgrading, audit the Discord integration configuration so that dmPolicy and allowFrom reflect the intended set of users, and log and review reaction-derived system events for actors outside allowFrom or unusual bursts of reactions, either of which would indicate attempted exploitation. Regression tests for authorization should exercise every Discord interaction type the integration handles (messages, reactions and any others), not only messages, so that the same inconsistency does not recur in a later release.
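As an added example of the monitoring suggested above, not part of the original page or of OpenClaw: a detection pass over constructed audit-log lines that flags DM reaction events whose actor is outside allowFrom and actors producing an unusual burst of reactions. The JSON record shape, field names, sample lines and allowFrom list are assumptions; adapt them to the real log format of the deployment.

```typescript
// Added example, not OpenClaw's code. The record shape, field names, sample
// log lines and allowFrom list below are constructed assumptions.

interface AuditRecord {
  ts: string;      // ISO-8601 timestamp
  channel: string; // e.g. "discord-dm" or "discord-guild"
  event: string;   // "message", "reaction", ...
  actor: string;   // Discord user ID that produced the event
}

interface Finding {
  actor: string;
  reason: "not-allowlisted" | "burst";
  count: number;
}

// Constructed log: one JSON line per enqueued system event, plus one bad line.
const SAMPLE_AUDIT_LOG = [
  '{"ts":"2026-03-01T10:00:00Z","channel":"discord-dm","event":"message","actor":"111"}',
  '{"ts":"2026-03-01T10:00:05Z","channel":"discord-dm","event":"reaction","actor":"111"}',
  '{"ts":"2026-03-01T10:00:09Z","channel":"discord-dm","event":"reaction","actor":"999"}',
  'this line is not JSON and must not abort the scan',
  '{"ts":"2026-03-01T10:01:00Z","channel":"discord-dm","event":"reaction","actor":"222"}',
  '{"ts":"2026-03-01T10:01:01Z","channel":"discord-dm","event":"reaction","actor":"222"}',
  '{"ts":"2026-03-01T10:01:02Z","channel":"discord-dm","event":"reaction","actor":"222"}',
  '{"ts":"2026-03-01T10:01:03Z","channel":"discord-dm","event":"reaction","actor":"222"}',
  '{"ts":"2026-03-01T10:02:00Z","channel":"discord-guild","event":"reaction","actor":"999"}',
  '{"ts":"2026-03-01T10:03:00Z","channel":"discord-dm","event":"reaction","actor":"111"}',
].join("\n");

// Parses JSON-lines, skipping blank or malformed records instead of aborting.
function parseAuditLog(text: string): AuditRecord[] {
  const out: AuditRecord[] = [];
  for (const line of text.split("\n")) {
    if (line.trim() === "") continue;
    try {
      const obj = JSON.parse(line);
      if (typeof obj.ts === "string" && typeof obj.channel === "string" &&
          typeof obj.event === "string" && typeof obj.actor === "string") {
        out.push(obj as AuditRecord);
      }
    } catch (err) {
      // malformed line: skip it and keep scanning
    }
  }
  return out;
}

// Counts DM reaction events per actor; flags actors outside allowFrom (any
// count, since a fixed system should never enqueue these) and allowlisted
// actors whose reaction count reaches the burst threshold.
function findSuspiciousReactions(records: AuditRecord[], allowFrom: string[], burstThreshold: number = 3): Finding[] {
  const perActor = new Map<string, number>();
  for (const r of records) {
    if (r.channel !== "discord-dm" || r.event !== "reaction") continue;
    perActor.set(r.actor, (perActor.get(r.actor) || 0) + 1);
  }
  const findings: Finding[] = [];
  perActor.forEach((count, actor) => {
    if (!allowFrom.includes(actor)) {
      findings.push({ actor, reason: "not-allowlisted", count });
    } else if (count >= burstThreshold) {
      findings.push({ actor, reason: "burst", count });
    }
  });
  return findings.sort((a, b) => a.actor.localeCompare(b.actor));
}

const ALLOW_FROM = ["111", "222"]; // hypothetical allowFrom list for this deployment

function scanSampleLog(): Finding[] {
  return findSuspiciousReactions(parseAuditLog(SAMPLE_AUDIT_LOG), ALLOW_FROM);
}

for (const f of scanSampleLog()) {
  console.log(`actor ${f.actor}: ${f.reason} (${f.count} DM reaction event(s))`);
}
```

On the constructed log this reports actor 222 as a burst (four DM reactions) and actor 999 as not allowlisted; the guild reaction from 999 is ignored because only the DM path is gated by dmPolicy/allowFrom, and the malformed line is skipped. A non-allowlisted actor appearing at all in DM reaction events after the upgrade means the fix is not in effect.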