Executive Summary

CVE-2026-32899 is an authorization consistency vulnerability in OpenClaw versions prior to 2026.2.25 affecting Slack integration. The issue occurs because reaction_* and pin_* non-message Slack events were processed and added to the system-event context without consistently applying sender-policy authorization checks. This means that attackers could bypass configured direct message (DM) policies and channel user allowlists to inject unauthorized reaction and pin events from restricted senders.

The root cause is incorrect authorization (CWE-863), where authorization checks exist but are not properly enforced before processing these events.

The vulnerability was fixed by routing reaction and pin event handlers through a shared authorization function that enforces DM policies, allowlists, and channel user checks before enqueuing system events.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows attackers to inject unauthorized reaction and pin events into the system-event context in Slack integrations. Such unauthorized event injection can lead to unexpected or malicious system behavior triggered by reaction or pin events from senders who should be restricted.

While the impact does not affect confidentiality or availability, it can impact integrity by allowing unauthorized modification of event context, potentially misleading system processes or users.

The exploit requires no user interaction, has a network attack vector, and low attack complexity, making it easier for attackers to exploit if the vulnerable version is in use.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves unauthorized injection of reaction_* and pin_* Slack events due to missing sender-policy authorization checks. Detection involves monitoring logs for verbose entries indicating dropped unauthorized reaction or pin events.'}, {'type': 'paragraph', 'content': 'Specifically, the patched OpenClaw version logs verbose messages when an unauthorized sender attempts to enqueue reaction or pin events. Reviewing these logs can help detect exploitation attempts.'}, {'type': 'paragraph', 'content': 'Since the vulnerability is in the OpenClaw Slack monitor, you can check the version of OpenClaw installed (should be 2026.2.25 or later). To detect unauthorized events, monitor system-event logs for entries related to reaction_* and pin_* events that were dropped due to authorization failures.'}, {'type': 'paragraph', 'content': 'No explicit detection commands are provided in the resources, but general commands to check the OpenClaw version and to search logs for unauthorized event drops could be:'}, {'type': 'list_item', 'content': 'Check OpenClaw version: `npm list openclaw` or check the version in your package.json or installed modules.'}, {'type': 'list_item', 'content': 'Search logs for unauthorized reaction or pin event drops: `grep -i "unauthorized sender" /path/to/openclaw/logs/*` or similar log inspection commands.'}, {'type': 'list_item', 'content': 'Monitor system-event context logs for unexpected reaction_* or pin_* events from disallowed senders.'}] [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.2.25 or later, where the vulnerability is fixed by enforcing strict sender authorization checks on Slack reaction and pin events.

This update routes reaction_* and pin_* event handlers through a shared authorization function that enforces direct message (DM) policies, allowlists, and channel user allowlists consistently, preventing unauthorized event injection.

Additionally, review and configure your DM policies and allowlists appropriately to ensure only authorized users can trigger reaction and pin events.

If immediate upgrade is not possible, consider monitoring logs for unauthorized event attempts and temporarily restricting reaction and pin event processing if feasible.

Useful 0 Not Useful 0