CVE-2026-32895
OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers
Description
### Summary Slack `member_*` and `message` subtype system events (`message_changed`, `message_deleted`, `thread_broadcast`) were not consistently enforcing sender authorization before enqueueing system events. ### Affected Packages / Versions - Package: `openclaw` (npm) - Latest published version: `2026.2.25` - Affected range: `<= 2026.2.25` - Planned patched version: `2026.2.26` (pre-set for publish-readiness) ### Technical Details Slack system-event handlers in `src/slack/monitor/events/members.ts` and `src/slack/monitor/events/messages.ts` enqueued events after channel checks without shared sender authorization. Deployments relying on Slack DM allowlists (`dmPolicy` / `allowFrom`) or per-channel `users` allowlists could receive unauthorized system-event ingress from non-allowlisted senders. The fix routes those handlers through `authorizeAndResolveSlackSystemEventContext(...)` and fails closed when message subtype sender identity cannot be resolved. ### Fix Commit(s) - `3d30ba18a2aba1e1b302e77ff33145c3b06c01c8` ### Release Process Note `patched_versions` is pre-set to `>= 2026.2.26` so once npm `2026.2.26` is published, this advisory can be published without further field edits. Thanks @tdjackey for reporting.
How to fix CVE-2026-32895
To remediate CVE-2026-32895, upgrade the affected package to a fixed version below.
- —upgrade to 2026.2.26 or later
Is CVE-2026-32895 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.2.26