CVE-2026-28392
published 2026-03-05

Priority: P260
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.35% (26.6th percentile)
OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open (must be configured). Attackers can execute privileged slash commands via direct message to bypass allowlist and access-group restrictions.

Affected (2 ranges)

Vendor     Product    Version range        Fixed in
openclaw   openclaw   < 2026.2.14          2026.2.14
openclaw   openclaw   >= 0 < 2026.2.14     2026.2.14

Detection & IOCs (extracted from sources)

  • Vulnerability is only exploitable when dmPolicy is set to 'open' — this is a non-default configuration that must be explicitly enabled.
  • Attackers exploit the flaw by sending privileged slash commands via Slack direct message, bypassing allowlist and access-group restrictions.

CVSS provenance

Source   Version   Score   Severity   Vector
NVD      v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD      v4.0      8.2     HIGH       CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X