Vulnerability Details CVE-2026-41367
OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.3%
CVSS Severity
CVSS v3 Score 5.0
References
Products affected by CVE-2026-41367
-
cpe:2.3:a:openclaw:openclaw:2026.2.14
-
cpe:2.3:a:openclaw:openclaw:2026.2.15
-
cpe:2.3:a:openclaw:openclaw:2026.2.17
-
cpe:2.3:a:openclaw:openclaw:2026.2.17.2
-
cpe:2.3:a:openclaw:openclaw:2026.2.19
-
cpe:2.3:a:openclaw:openclaw:2026.2.19-1
-
cpe:2.3:a:openclaw:openclaw:2026.2.19-2
-
cpe:2.3:a:openclaw:openclaw:2026.2.21
-
cpe:2.3:a:openclaw:openclaw:2026.2.21-1
-
cpe:2.3:a:openclaw:openclaw:2026.2.21-2
-
cpe:2.3:a:openclaw:openclaw:2026.2.22
-
cpe:2.3:a:openclaw:openclaw:2026.2.22-1
-
cpe:2.3:a:openclaw:openclaw:2026.2.22-2
-
cpe:2.3:a:openclaw:openclaw:2026.2.23
-
cpe:2.3:a:openclaw:openclaw:2026.2.24
-
cpe:2.3:a:openclaw:openclaw:2026.2.25
-
cpe:2.3:a:openclaw:openclaw:2026.2.26
-
cpe:2.3:a:openclaw:openclaw:2026.2.61
-
cpe:2.3:a:openclaw:openclaw:2026.2.62
-
cpe:2.3:a:openclaw:openclaw:2026.2.63
-
cpe:2.3:a:openclaw:openclaw:2026.3.1
-
cpe:2.3:a:openclaw:openclaw:2026.3.11
-
cpe:2.3:a:openclaw:openclaw:2026.3.12
-
cpe:2.3:a:openclaw:openclaw:2026.3.13
-
cpe:2.3:a:openclaw:openclaw:2026.3.2
-
cpe:2.3:a:openclaw:openclaw:2026.3.22
-
cpe:2.3:a:openclaw:openclaw:2026.3.23
-
cpe:2.3:a:openclaw:openclaw:2026.3.23-2
-
cpe:2.3:a:openclaw:openclaw:2026.3.24
-
cpe:2.3:a:openclaw:openclaw:2026.3.25
-
cpe:2.3:a:openclaw:openclaw:2026.3.7
-
cpe:2.3:a:openclaw:openclaw:2026.3.8