OpenClaw Slack DM Authorization Bypass, Improper Access Control, CVE-2026-XXX (Moderate)

Listen to this Post

The vulnerability exists in OpenClaw versions <=2026.2.13 when Slack DMs are configured with `dmPolicy=open` . Under this configuration, the Slack slash-command handler incorrectly treats any DM sender as command-authorized, regardless of whether that user belongs to an allowlist or access group . The intended security model requires that only specific authorized users can execute privileged slash commands, but the flawed handler logic bypasses these restrictions entirely . When a Slack user sends a DM containing a slash command to the bot, the command path fails to validate the sender against the configured allowlist . Instead, it implicitly trusts any message arriving via DM channel as legitimate . This means any workspace user who can discover the bot’s Slack handle and initiate a direct message can invoke privileged operations . The flaw stems from inconsistent authorization logic across different inbound paths—while other channels properly check permissions, the DM path contains a gap where the `CommandAuthorized` check is skipped . The fix implements the same allowlist and access-group gating logic for DMs that already exists for other inbound paths, ensuring consistent authorization enforcement across all channels .

dailycve form:

Platform: OpenClaw (npm)
Version: <=2026.2.13
Vulnerability: Slack DM Authorization Bypass
Severity: Moderate
Date: 2026-02-14

Prediction: 2026-02-20

What Undercode Say

Analytics:

Check installed OpenClaw version
npm list openclaw
Check if running vulnerable configuration
grep -r "channels.slack.dm.policy" ~/.openclaw/config/
grep -r "dmPolicy" ~/.openclaw/config/
Check Slack channel configuration
cat ~/.openclaw/config/channels/slack.yaml
Search for exposed instances in logs
find ~/.openclaw/logs -name ".log" | xargs grep -i "slash command from DM"
Verify if allowlist exists and was bypassed
cat ~/.openclaw/config/auth/allowlist.yaml
Monitor for unauthorized command execution
tail -f ~/.openclaw/logs/audit.log | grep -i "command.DM"
Quick version comparison
if [ "$(npm list openclaw --depth=0 | grep openclaw@ | cut -d@ -f2)" \< "2026.2.14" ]; then echo "Vulnerable"; else echo "Patched"; fi

Exploit:

  1. Attacker identifies Slack workspace using OpenClaw bot with DM enabled
  2. Attacker sends DM to bot containing privileged slash command (e.g., /admin, /system, /exec)

3. Vulnerable handler accepts command without allowlist validation

4. Bot executes privileged operation with full permissions

5. Attacker gains unauthorized access to restricted functions

Protection:

1. Update to OpenClaw 2026.2.14 or later immediately

2. Set `channels.slack.dm.policy: closed` if DM not required

3. Implement strict allowlist at Slack workspace level

  1. Monitor audit logs for unexpected DM command execution

5. Rotate all Slack tokens if compromise suspected

6. Apply commit f19eabee54c49e9a2e264b4965edf28a2f92e657 manually if update delayed

Impact:

Any Slack user in workspace can execute privileged commands via DM, bypassing all access controls. This enables unauthorized configuration changes, data access, system command execution, and potential lateral movement through connected services . The vulnerability transforms the Slack DM channel into an unauthenticated admin interface for any workspace member who can discover the bot .

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top