CVE-2026-32906
Awaiting Analysis Awaiting Analysis - Queue
Privilege Escalation in OpenClaw Slack Plugin Approvals

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: VulnCheck

Description
OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin actions outside operator configuration.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-05-29
Generated
2026-05-29
AI Q&A
2026-05-29
EPSS Evaluated
N/A
NVD
CVE-2026-32906
EUVD
EUVD-2026-33333
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.5.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-32906 is a privilege escalation vulnerability in OpenClaw versions before 2026.5.12, specifically affecting the Slack plugin approvals system.

The issue arises from incorrect authorization checks (CWE-863) that allow users with exec approval permissions to bypass intended approval splits.

This means that attackers who have limited exec approval rights can escalate their privileges by resolving plugin approvals through the exec approver gate, approving plugin actions beyond what the operator configuration permits.


How can this vulnerability impact me? :

This vulnerability can allow an attacker with limited exec approval permissions to approve plugin actions that they should not be authorized to approve.

The impact depends on the operator's configuration and whether lower-trust input can reach the affected Slack plugin approval path.

If exploited, it could lead to unauthorized plugin actions being approved, potentially compromising the intended security controls within the OpenClaw environment.

However, the overall trusted-operator model of OpenClaw remains intact unless other security boundaries are crossed.

  • Operators should keep approval allowlists updated.
  • Manually review Slack approval actions until the patch is applied.
  • Maintain narrow channel and tool allowlists.
  • Avoid sharing a single Gateway between untrusted users.
  • Disable the affected feature when not needed.

What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2026-32906 vulnerability in OpenClaw Slack plugin approvals, operators should:

  • Keep approval allowlists updated.
  • Manually review Slack approval actions until the system is patched.
  • Maintain narrow channel and tool allowlists.
  • Avoid sharing a single Gateway between untrusted users.
  • Disable the affected Slack plugin approval feature when it is not needed.

Additionally, upgrading to OpenClaw version 2026.5.12 or later will patch this vulnerability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart