CVE-2026-27484
Improper Sender Validation in OpenClaw Enables Unauthorized Discord Moderation

Publication date: 2026-02-21

Last updated on: 2026-02-23

Assigner: GitHub, Inc.

Description
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin user can request moderation actions by spoofing sender identity fields. This issue has been fixed in version 2026.2.18.
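The pattern the description refers to, shown as an added illustration that is not OpenClaw's own code: a tool-driven moderation handler that authorizes against a sender id carried in the tool parameters, beside the corrected form that authorizes only the sender supplied by the runtime context. Type and function names are hypothetical and the guild permission roster is constructed.

```typescript
// Added illustration of the CWE-862 pattern behind CVE-2026-27484.
// Hypothetical names; not OpenClaw's code. Guild roster is constructed.

type Permission = "MODERATE_MEMBERS" | "KICK_MEMBERS" | "BAN_MEMBERS";
type ModerationAction = "timeout" | "kick" | "ban";

// Constructed roster: which guild members actually hold which permissions.
const GUILD_PERMISSIONS: Record<string, Permission[]> = {
  "admin-1": ["MODERATE_MEMBERS", "KICK_MEMBERS", "BAN_MEMBERS"],
  "user-42": [],
};

// Discord permission each moderation action requires.
const REQUIRED: Record<ModerationAction, Permission> = {
  timeout: "MODERATE_MEMBERS",
  kick: "KICK_MEMBERS",
  ban: "BAN_MEMBERS",
};

// Parameters as the tool layer supplies them: the requesting user can influence these.
interface ToolParams {
  action: ModerationAction;
  targetUserId: string;
  senderUserId?: string; // untrusted when it arrives here
}

// Context the gateway attaches from the authenticated Discord event, not from the tool caller.
interface RuntimeContext {
  senderUserId: string;
}

function hasPermission(userId: string, perm: Permission): boolean {
  return (GUILD_PERMISSIONS[userId] ?? []).includes(perm);
}

// Vulnerable pattern: a sender id from the parameters overrides the runtime sender,
// so the permission check is run against whichever identity the caller names.
function moderateVulnerable(params: ToolParams, ctx: RuntimeContext): boolean {
  const sender = params.senderUserId ?? ctx.senderUserId;
  return hasPermission(sender, REQUIRED[params.action]);
}

// Fixed pattern: any sender identity in the parameters is ignored; only the
// runtime sender is checked for the required guild permission.
function moderateFixed(params: ToolParams, ctx: RuntimeContext): boolean {
  return hasPermission(ctx.senderUserId, REQUIRED[params.action]);
}
```

Both functions return whether the action would be allowed, so the same request from a non-admin runtime sender that names an admin in senderUserId passes the vulnerable check and fails the fixed one.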
Meta Information
Generated: 2026-05-27
AI Q&A: 2026-02-21
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: up to and including 2026.2.17
CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-27484 is a vulnerability in the OpenClaw AI assistant related to Discord moderation actions such as timeout, kick, and ban. In versions 2026.2.17 and below, these actions used the sender identity provided in request parameters rather than a trusted runtime sender context. This flaw allowed non-admin users to spoof sender identity fields and request unauthorized moderation actions if the bot had the necessary guild permissions enabled.

The root cause is a missing authorization check (classified as CWE-862), where the system did not verify that the user requesting the moderation action actually had the required permissions. This issue was fixed in version 2026.2.18 by enforcing permission checks using a trusted sender context and ignoring untrusted sender identity parameters.


How can this vulnerability impact me?

This vulnerability can allow a non-admin user to perform unauthorized Discord moderation actions such as timing out, kicking, or banning other users if the OpenClaw bot has the necessary guild permissions enabled. This means an attacker could misuse the bot to disrupt community management, remove legitimate users, or otherwise abuse moderation capabilities without proper authorization.

Such unauthorized actions can lead to disruption of Discord server operations, loss of trust among users, and potential misuse of administrative privileges.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves unauthorized Discord moderation actions triggered by spoofed sender identity fields in tool-driven flows of the OpenClaw assistant. Detection involves verifying if moderation actions (timeout, kick, ban) are being requested by non-admin users without proper authorization.

Since the issue arises from the use of untrusted senderUserId parameters, you can monitor logs or audit trails for moderation commands where the sender identity does not match a trusted runtime context or where non-admin users are performing moderation actions.

Specific commands to detect this vulnerability are not provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade OpenClaw to version 2026.2.18 or later, where the vulnerability has been fixed.

The fix enforces trusted sender authentication by verifying that the sender has the required Discord guild permissions before allowing moderation actions such as timeout, kick, or ban.

If upgrading immediately is not possible, consider disabling Discord moderation actions or restricting bot permissions to prevent unauthorized moderation commands.

