GHSA-v773-r54f-q32w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v773-r54f-q32w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-v773-r54f-q32w/GHSA-v773-r54f-q32w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v773-r54f-q32w
- Published
- 2026-02-18T00:51:03Z
- Modified
- 2026-02-18T01:23:58.349259Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands
- Details
-
Summary
When Slack DMs are configured with
dmPolicy=open, the Slack slash-command handler incorrectly treated any DM sender as command-authorized. This allowed any Slack user who could DM the bot to execute privileged slash commands via DM, bypassing intended allowlist/access-group restrictions.Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
<= 2026.2.13 - Affected configuration: Slack DMs enabled with
channels.slack.dm.policy: open(akadmPolicy=open)
Impact
Any Slack user in the workspace who can DM the bot could invoke privileged slash commands via DM.
Fix
The slash-command path now computes
CommandAuthorizedfor DMs using the same allowlist/access-group gating logic as other inbound paths.Fix commit(s): - f19eabee54c49e9a2e264b4965edf28a2f92e657
Release Process Note
patched_versionsis set to the planned next release (2026.2.14). Once that npm release is published, this advisory should be published.Thanks @christos-eth for reporting.
- Package:
- Database specific
{ "github_reviewed_at": "2026-02-18T00:51:03Z", "severity": "MODERATE", "cwe_ids": [ "CWE-285" ], "github_reviewed": true, "nvd_published_at": null }- References
Affected packages
npm / openclaw
Package
- Name
- openclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/openclaw