CVE-2026-28392
published 2026-03-05
Priority P260 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.35% (26.6th percentile)
OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open (must be configured). Attackers can execute privileged slash commands via direct message to bypass allowlist and access-group restrictions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openclaw | openclaw | < 2026.2.14 | 2026.2.14 |
| openclaw | openclaw | >= 0 < 2026.2.14 | 2026.2.14 |
Detection & IOCs (extracted from sources)
- Vulnerability is only exploitable when dmPolicy is set to 'open'; this is a non-default configuration that must be explicitly enabled.
- Attackers exploit the flaw by sending privileged slash commands via Slack direct message, bypassing allowlist and access-group restrictions.
CVSS provenance
NVD, CVSS v3.1: 9.8 CRITICAL, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v4.0: 8.2 HIGH, vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
The two vectors disagree on more than the scale: the v4.0 vector records the required non-default dmPolicy=open configuration as AT:P and scores impact on integrity only (VI:H, with VC:N and VA:N), whereas the v3.1 vector scores high confidentiality, integrity and availability impact with no precondition. Deployers with dmPolicy left at its default are not exposed under either reading.
GHSA (2026-02-18): CVE-2026-28392 [HIGH] CWE-285
OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands
## Summary
When Slack DMs are configured with `dmPolicy=open`, the Slack slash-command handler incorrectly treated any DM sender as command-authorized. This allowed any Slack user who could DM the bot to execute privileged slash commands via DM, bypassing intended allowlist/access-group restrictions.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.13`
- Affected configuration: Slack DMs enabled with `channels.slack.dm.policy: open` (aka `dmPolicy=open`)
## Impact
Any Slack user in the workspace who can DM the bot could invoke privileged slash commands via DM.
## Fix
The slash-command path now computes `CommandAuthorized` for DMs using the same allowlist/a
OSV (2026-02-18): CVE-2026-28392 [HIGH] OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands (the OSV entry's Summary, Affected Packages / Versions, Impact and Fix text is identical to the GHSA advisory above)
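The GHSA/OSV advisory text above describes the flaw as a conflation of two decisions: whether a DM is accepted at all (governed by `channels.slack.dm.policy`) and whether the DM sender may run a privileged slash command (which should always go through the allowlist / access-group check). The TypeScript below is an added illustration written for this page, not OpenClaw's code: the `SlackConfig` and `SlashCommandContext` shapes, the `allowlist` and `accessGroups` fields, the function names and the sample user IDs are all hypothetical. It shows the vulnerable authorization pattern beside the corrected one, and adds the exposure check a deployer would run (installed version below 2026.2.14 and `dm.policy` set to `open`), which the advisory implies but does not spell out.

```typescript
// Illustrative model of the Slack slash-command authorization decision described in
// CVE-2026-28392. NOT OpenClaw's code: every type, field and function name here is
// hypothetical, chosen only to make the before/after logic concrete.

interface SlackConfig {
  // Mirrors the advisory's config key channels.slack.dm.policy; "open" is the only
  // value the advisory names, so the type is left as a plain string.
  channels: { slack: { dm: { policy: string } } };
  allowlist: string[];                       // hypothetical: Slack user IDs allowed to run commands
  accessGroups: Record<string, string[]>;    // hypothetical: group name -> member user IDs
}

interface SlashCommandContext {
  userId: string;                 // Slack user ID of the sender
  channelType: "dm" | "channel";  // where the slash command arrived
  command: string;                // e.g. "/restart" (hypothetical command name)
}

// Membership check used by both versions: the sender is on the allowlist or in any access group.
function inAllowlistOrGroup(cfg: SlackConfig, userId: string): boolean {
  if (cfg.allowlist.includes(userId)) return true;
  return Object.values(cfg.accessGroups).some((members) => members.includes(userId));
}

// BEFORE (the vulnerable pattern the advisory describes): in a DM with dmPolicy=open the
// sender is treated as command-authorized without ever consulting the allowlist.
function isCommandAuthorizedVulnerable(cfg: SlackConfig, ctx: SlashCommandContext): boolean {
  if (ctx.channelType === "dm" && cfg.channels.slack.dm.policy === "open") {
    return true; // bug: "may DM the bot" is conflated with "may run privileged commands"
  }
  return inAllowlistOrGroup(cfg, ctx.userId);
}

// AFTER: dmPolicy decides only whether the DM is accepted; command authorization always
// goes through the same allowlist / access-group check, DM or channel alike.
function isCommandAuthorizedFixed(cfg: SlackConfig, ctx: SlashCommandContext): boolean {
  return inAllowlistOrGroup(cfg, ctx.userId);
}

// Version check. OpenClaw uses calendar-style versions (YYYY.M.D) per the advisory's
// "< 2026.2.14"; compare component-wise as integers rather than as strings.
function isAffectedVersion(version: string): boolean {
  const parts = version.split(".").map((n) => parseInt(n, 10));
  const fixed = [2026, 2, 14];
  for (let i = 0; i < fixed.length; i++) {
    const x = Number.isNaN(parts[i]) || parts[i] === undefined ? 0 : parts[i];
    if (x !== fixed[i]) return x < fixed[i];
  }
  return false; // exactly the fixed version
}

// Exposure check a deployer can run: affected version AND the non-default open DM policy.
function isExposed(cfg: SlackConfig, version: string): boolean {
  return isAffectedVersion(version) && cfg.channels.slack.dm.policy === "open";
}

// Constructed sample configuration: one allowlisted operator, one admin group member.
// "U_RANDOM" below stands for any other workspace member who can DM the bot.
const sampleConfig: SlackConfig = {
  channels: { slack: { dm: { policy: "open" } } },
  allowlist: ["U_OPERATOR"],
  accessGroups: { admins: ["U_ADMIN"] },
};

const dmFromRandomUser: SlashCommandContext = { userId: "U_RANDOM", channelType: "dm", command: "/restart" };
const dmFromAdmin: SlashCommandContext = { userId: "U_ADMIN", channelType: "dm", command: "/restart" };

// Stand-alone demonstration of the difference.
console.log("vulnerable, random DM sender:", isCommandAuthorizedVulnerable(sampleConfig, dmFromRandomUser));
console.log("fixed, random DM sender:", isCommandAuthorizedFixed(sampleConfig, dmFromRandomUser));
console.log("fixed, admin DM sender:", isCommandAuthorizedFixed(sampleConfig, dmFromAdmin));
console.log("exposed on 2026.2.13:", isExposed(sampleConfig, "2026.2.13"));
console.log("exposed on 2026.2.14:", isExposed(sampleConfig, "2026.2.14"));
```

The point of keeping `inAllowlistOrGroup` as the single authorization path is that a DM policy is a reachability control, not a privilege grant; once both paths share it, opening DMs to the workspace no longer widens who can run privileged commands. The version check is deliberately numeric because a string comparison of calendar versions misorders `2026.2.9` against `2026.2.14`.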
No detection rules found.
No public exploits indexed.
Published: 2026-03-05