OpenClaw Discord Bot Vulnerability Allows Unauthorized Exec Approvals
The National Vulnerability Database (NVD) has published CVE-2026-41303, a high-severity authorization bypass in OpenClaw before version 2026.3.28. The flaw affects Discord text approval commands: a user who is not a designated approver can resolve pending exec approvals, defeating a control whose whole purpose is to gate host command execution.
An attacker exploits the flaw by sending a crafted Discord text command, which bypasses the channels.discord.execApprovals.approvers allowlist and lets them approve pending host execution requests. In practice, anyone who can post in a channel the bot reads is a potential approver. The CVSS base score is 8.8 (HIGH), reflecting high impact on confidentiality, integrity, and availability.
This is not a misconfiguration of the Discord integration; it is a direct route to unauthorized command execution on the host. If your organization uses OpenClaw to run operations from Discord, the approval gate is the control that separates the person requesting a command from the people allowed to authorize it, and this flaw removes that separation. An attacker who can approve a pending request gets that command run on the host, which is why the advisory rates the impact as a path to full system compromise or data exfiltration.
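The pattern behind the flaw, as an added illustration that is not OpenClaw's code: a text approval handler that applies the decision without comparing the message author against the approvers allowlist, beside a hardened handler that does. TypeScript is assumed as the bot runtime; every type, function name and the `!approve`/`!deny` command syntax below are hypothetical, and only the role of `channels.discord.execApprovals.approvers` is taken from the advisory.

```typescript
// Added illustration, not OpenClaw's code: the difference between a Discord
// text approval handler that trusts any message author and one that checks
// the author against the approvers allowlist before resolving a request.
// All type and function names here are hypothetical.

interface ApprovalConfig {
  // Mirrors the role of channels.discord.execApprovals.approvers:
  // Discord user ids allowed to approve or deny pending host exec requests.
  approvers: string[];
}

interface PendingExec {
  id: string;
  command: string;
  status: "pending" | "approved" | "denied";
  resolvedBy?: string;
}

interface DiscordTextCommand {
  authorId: string; // Discord user id of whoever posted the message
  content: string;  // e.g. "!approve exec-42"
}

type Action = "approve" | "deny";

// Accept "!approve <id>" or "!deny <id>"; anything else is not an approval command.
function parseCommand(content: string): { action: Action; id: string } | null {
  const m = /^!(approve|deny)\s+(\S+)$/.exec(content.trim());
  return m ? { action: m[1] as Action, id: m[2] } : null;
}

function applyDecision(req: PendingExec, action: Action, by: string): string {
  req.status = action === "approve" ? "approved" : "denied";
  req.resolvedBy = by;
  return req.status;
}

// Vulnerable pattern: the command is parsed and applied, but the author is
// never compared with the allowlist, so any member who can post in the
// channel can release a pending host command.
function resolveVulnerable(cmd: DiscordTextCommand, queue: Map<string, PendingExec>): string {
  const parsed = parseCommand(cmd.content);
  if (!parsed) return "ignored";
  const req = queue.get(parsed.id);
  if (!req || req.status !== "pending") return "no pending request";
  return applyDecision(req, parsed.action, cmd.authorId);
}

// Hardened pattern: authorize by stable user id (never by display name,
// which any member can change), fail closed on an empty allowlist, and only
// then touch the queue. Rejections return before any state changes.
function resolveHardened(
  cmd: DiscordTextCommand,
  queue: Map<string, PendingExec>,
  cfg: ApprovalConfig
): string {
  const parsed = parseCommand(cmd.content);
  if (!parsed) return "ignored";
  if (cfg.approvers.length === 0 || !cfg.approvers.includes(cmd.authorId)) {
    return "rejected: author is not an approver";
  }
  const req = queue.get(parsed.id);
  if (!req || req.status !== "pending") return "no pending request";
  return applyDecision(req, parsed.action, cmd.authorId);
}

// Constructed scenario: user 111 is the only approver; user 999 is an
// ordinary channel member who tries to release a pending command.
function newQueue(): Map<string, PendingExec> {
  return new Map<string, PendingExec>([
    ["exec-42", { id: "exec-42", command: "cat /etc/shadow", status: "pending" }]
  ]);
}

function demo(): { vulnerable: string; hardened: string; approver: string } {
  const cfg: ApprovalConfig = { approvers: ["111"] };
  const attacker: DiscordTextCommand = { authorId: "999", content: "!approve exec-42" };
  const approver: DiscordTextCommand = { authorId: "111", content: "!approve exec-42" };
  return {
    vulnerable: resolveVulnerable(attacker, newQueue()),   // "approved"
    hardened: resolveHardened(attacker, newQueue(), cfg),  // "rejected: author is not an approver"
    approver: resolveHardened(approver, newQueue(), cfg)   // "approved"
  };
}
```

The authorization check sits before the queue lookup so that a rejected author learns nothing about which request ids are pending, and the empty-allowlist case is treated as "nobody may approve" rather than "everybody may", which is the fail-closed default an approval gate should have.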
What This Means For You
- If your organization uses OpenClaw with Discord for execution approvals, upgrade to version 2026.3.28 or later now. Then audit the approval history: any pending exec request that was approved or denied from a Discord text command by a user outside the channels.discord.execApprovals.approvers allowlist should be treated as possible exploitation of this bypass, and the commands those approvals released should be reviewed for what they actually ran. Until the upgrade is in place, a Discord text approval from this bot cannot be trusted as an authorization decision.
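One way to run that audit, as an added example rather than a tool shipped with OpenClaw: parse an export of approval events and flag every exec request that was resolved from Discord by a user who is not in the approvers allowlist. The JSON-lines event shape, its field names and the sample records are all constructed assumptions; the second, self-approval check is a separation-of-duties addition beyond what the advisory describes.

```typescript
// Added audit example, not a tool shipped with OpenClaw: scan exported
// approval events and flag any exec request resolved from Discord by a user
// outside the approvers allowlist. The event shape and field names are
// assumptions; map your own export onto them before running this.

interface ApprovalEvent {
  ts: string;
  event: string;         // only "exec.approval.resolved" is examined
  channel: string;       // only "discord" is examined
  requestId: string;
  requestedBy: string;   // Discord user id that raised the exec request
  resolvedBy: string;    // Discord user id that approved or denied it
  decision: "approved" | "denied";
}

interface Finding {
  requestId: string;
  resolvedBy: string;
  reason: string;
}

// One JSON object per line; blank lines are tolerated. The cast trusts the
// export to carry the fields above on resolved events.
function parseEvents(jsonl: string): ApprovalEvent[] {
  return jsonl
    .split("\n")
    .map((line) => line.trim())
    .filter((line) => line.length > 0)
    .map((line) => JSON.parse(line) as ApprovalEvent);
}

function auditApprovals(events: ApprovalEvent[], approvers: string[]): Finding[] {
  const allow = new Set(approvers);
  const findings: Finding[] = [];
  for (const e of events) {
    if (e.event !== "exec.approval.resolved" || e.channel !== "discord") continue;
    if (!allow.has(e.resolvedBy)) {
      // The condition CVE-2026-41303 makes possible. A denial by a
      // non-approver is flagged too: it shows the allowlist was not enforced.
      findings.push({
        requestId: e.requestId,
        resolvedBy: e.resolvedBy,
        reason: "resolved by a user outside the approvers allowlist"
      });
    } else if (e.decision === "approved" && e.resolvedBy === e.requestedBy) {
      // Separate, optional check: an approver releasing their own request
      // defeats the separation of duties the gate is meant to enforce.
      findings.push({
        requestId: e.requestId,
        resolvedBy: e.resolvedBy,
        reason: "approver released their own request"
      });
    }
  }
  return findings;
}

// Constructed sample export. Configured approvers are 111 and 222; users
// 333, 555 and 999 are ordinary channel members.
const SAMPLE_EVENTS = `
{"ts":"2026-04-20T10:00:00Z","event":"exec.approval.requested","channel":"discord","requestId":"exec-40","requestedBy":"555"}
{"ts":"2026-04-20T10:00:05Z","event":"exec.approval.resolved","channel":"discord","requestId":"exec-40","requestedBy":"555","resolvedBy":"111","decision":"approved"}
{"ts":"2026-04-20T10:02:00Z","event":"exec.approval.resolved","channel":"discord","requestId":"exec-41","requestedBy":"999","resolvedBy":"999","decision":"approved"}
{"ts":"2026-04-20T10:03:00Z","event":"exec.approval.resolved","channel":"discord","requestId":"exec-42","requestedBy":"555","resolvedBy":"333","decision":"denied"}
{"ts":"2026-04-20T10:04:00Z","event":"exec.approval.resolved","channel":"discord","requestId":"exec-43","requestedBy":"222","resolvedBy":"222","decision":"approved"}
`;

function runSampleAudit(): Finding[] {
  return auditApprovals(parseEvents(SAMPLE_EVENTS), ["111", "222"]);
}
```

On the sample, exec-40 is a legitimate approval and produces no finding; exec-41 and exec-42 are resolutions by users outside the allowlist (the first an attacker approving their own request, the second an unauthorized denial); exec-43 is an approver releasing their own request. Each flagged request id is the starting point for reviewing what the released command actually did on the host.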
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41303 | Affected versions | OpenClaw before 2026.3.28 |
| CVE-2026-41303 | Attack vector | Discord text approval commands |
| CVE-2026-41303 | Bypassed control | channels.discord.execApprovals.approvers allowlist |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 21, 2026 at 03:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.