GHSA-354r-7mfh-7rh2.yaml
info:
  name: OpenClaw
  cve: GHSA-354r-7mfh-7rh2
  summary: OpenClaw Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups
  details: >-
    Summary

    In OpenClaw <= 2026.2.24, Discord direct-message reaction notifications did not consistently apply the same DM authorization
    checks (dmPolicy / allowFrom) that are enforced for normal DM message ingress.

    In restrictive DM setups, a non-allowlisted Discord user who can react to a bot-authored DM message could still enqueue
    a reaction-derived system event in the session.

    This is a reaction-only ingress inconsistency. By itself it does not directly execute commands; practical impact depends
    on downstream automation/tool policy.

    Details

    The DM message path already enforces dmPolicy/allowFrom authorization, but the DM reaction-notification path previously
    allowed event enqueue under reaction-mode checks without that same authorization gate.

    The fix in main aligns reaction ingress with normal message preflight for Discord DM/group-DM/guild policy boundaries and
    applies equivalent DM reaction authorization hardening for Slack to keep channel behavior consistent.

    Affected Packages / Versions

    - npm package: openclaw

    - Affected: <= 2026.2.24

    - Patched: >= 2026.2.25
  cvss: ''
  severity: MEDIUM
  security_advise: Upgrade openclaw to 2026.2.25 or later. Commit(s) - aedf62ac7e669a89c7b299201bf6537dc6b12e0e
  references:
    - https://github.com/openclaw/openclaw/security/advisories/GHSA-354r-7mfh-7rh2
rule: version <= "2026.2.24"
references:
  - https://github.com/openclaw/openclaw/security/advisories/GHSA-354r-7mfh-7rh2
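The pattern the advisory describes is a shared authorization preflight that one ingress path applies and a sibling path skips. The following is an added illustration of that pattern and its fix; it is not OpenClaw's code. The option names dmPolicy and allowFrom come from the advisory, but the config shape, the "allowlist"/"open"/"closed" policy values, the reactionMode semantics, the handler names and the sample events are assumptions constructed for this example.

```javascript
// Illustrative model of the ingress inconsistency in GHSA-354r-7mfh-7rh2.
// Not OpenClaw's code: config shape, policy values, reactionMode semantics,
// handler names and event payloads are assumptions made for this example.

// Assumed restrictive DM setup (constructed).
const config = {
  dmPolicy: "allowlist",      // assumed values: "open" | "allowlist" | "closed"
  allowFrom: ["user-alice"],  // assumed allowlist of Discord user IDs
  reactionMode: "own",        // assumed: only reactions on bot-authored messages count
};

// The DM authorization gate the message path is described as already enforcing.
// Fails closed on an unknown policy value.
function isDmSenderAuthorized(cfg, senderId) {
  switch (cfg.dmPolicy) {
    case "open":
      return true;
    case "closed":
      return false;
    case "allowlist":
      return Array.isArray(cfg.allowFrom) && cfg.allowFrom.includes(senderId);
    default:
      return false;
  }
}

// Message ingress: gated by dmPolicy/allowFrom before anything is enqueued.
function handleDmMessage(cfg, queue, msg) {
  if (!isDmSenderAuthorized(cfg, msg.authorId)) return false;
  queue.push({ kind: "message", from: msg.authorId, text: msg.text });
  return true;
}

// Vulnerable reaction ingress: only the reaction-mode check runs, so a
// non-allowlisted user reacting to a bot-authored DM still enqueues an event.
function handleDmReactionVulnerable(cfg, queue, reaction) {
  if (cfg.reactionMode === "own" && !reaction.messageAuthoredByBot) return false;
  queue.push({ kind: "reaction", from: reaction.userId, emoji: reaction.emoji });
  return true;
}

// Hardened reaction ingress: the same preflight as the message path runs first,
// then the reaction-mode check. Both paths now share one authorization decision.
function handleDmReactionFixed(cfg, queue, reaction) {
  if (!isDmSenderAuthorized(cfg, reaction.userId)) return false;
  if (cfg.reactionMode === "own" && !reaction.messageAuthoredByBot) return false;
  queue.push({ kind: "reaction", from: reaction.userId, emoji: reaction.emoji });
  return true;
}

// Constructed scenario: an outsider is blocked on the message path but gets a
// reaction event through the vulnerable path; the fixed path blocks the outsider
// and still admits the allowlisted user.
function runScenario() {
  const outsiderMsg = { authorId: "user-mallory", text: "hello" };
  const outsiderReaction = { userId: "user-mallory", emoji: "thumbsup", messageAuthoredByBot: true };
  const insiderReaction = { userId: "user-alice", emoji: "thumbsup", messageAuthoredByBot: true };

  const beforeQueue = [];
  const vulnMsgAccepted = handleDmMessage(config, beforeQueue, outsiderMsg);
  const vulnReactionAccepted = handleDmReactionVulnerable(config, beforeQueue, outsiderReaction);

  const afterQueue = [];
  const fixedOutsiderAccepted = handleDmReactionFixed(config, afterQueue, outsiderReaction);
  const fixedInsiderAccepted = handleDmReactionFixed(config, afterQueue, insiderReaction);

  return {
    vulnMsgAccepted,
    vulnReactionAccepted,
    beforeQueue,
    fixedOutsiderAccepted,
    fixedInsiderAccepted,
    afterQueue,
  };
}

console.log(JSON.stringify(runScenario(), null, 2));
```

The point of routing both handlers through one isDmSenderAuthorized call is that any future policy change (a new dmPolicy value, a Slack equivalent) lands on every ingress path at once, which is what the advisory's "aligns reaction ingress with normal message preflight" amounts to.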