OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers

@tdjackey

Summary

Slack member_* and message subtype system events (message_changed, message_deleted, thread_broadcast) were not consistently enforcing sender authorization before enqueueing system events.

Affected Packages / Versions

Package: openclaw (npm)
Latest published version: 2026.2.25
Affected range: <= 2026.2.25
Planned patched version: 2026.2.26 (pre-set for publish-readiness)

Technical Details

Slack system-event handlers in src/slack/monitor/events/members.ts and src/slack/monitor/events/messages.ts enqueued events after channel checks without shared sender authorization. Deployments relying on Slack DM allowlists (dmPolicy / allowFrom) or per-channel users allowlists could receive unauthorized system-event ingress from non-allowlisted senders.

The fix routes those handlers through authorizeAndResolveSlackSystemEventContext(...) and fails closed when message subtype sender identity cannot be resolved.

Fix Commit(s)

3d30ba18a2aba1e1b302e77ff33145c3b06c01c8

Release Process Note

patched_versions is pre-set to >= 2026.2.26 so once npm 2026.2.26 is published, this advisory can be published without further field edits.

Thanks @tdjackey for reporting.

References

steipete published to openclaw/openclaw Feb 26, 2026

Published to the GitHub Advisory Database Mar 12, 2026

Reviewed Mar 12, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Summary

Affected Packages / Versions

Technical Details

Fix Commit(s)

Release Process Note

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Weaknesses

Incorrect Authorization

CVE ID

GHSA ID

Source code

Credits

Uh oh!