Medium severity 5.4 · NVD Advisory · Published Apr 23, 2026 · Updated Apr 29, 2026
CVE-2026-41348
Description
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted group DM channels.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.3.31 | 2026.3.31 |
References
- github.com/openclaw/openclaw/commit/8fdb19676ab44cf85d47ee13c578195f2e527591 (source: NVD; Patch, Web)
- github.com/advisories/GHSA-rvvf-6vh3-9j43 (source: GHSA; Advisory)
- github.com/openclaw/openclaw/security/advisories/GHSA-rvvf-6vh3-9j43 (source: NVD; Vendor Advisory, Web)
- nvd.nist.gov/vuln/detail/CVE-2026-41348 (source: GHSA; Advisory)
- www.vulncheck.com/advisories/openclaw-group-dm-channel-allowlist-bypass-via-discord-slash-commands (source: NVD; Third Party Advisory, Web)
- github.com/openclaw/openclaw/releases/tag/v2026.3.31 (source: GHSA; Web)