UNKNOWN
CVE-2026-32975
OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist
Platform: other
Component: openclaw
Fixed in: 2026.3.12
OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages from unintended groups to the agent.
How to fix
Upgrade OpenClaw to version 2026.3.12 or later. This version fixes the weak authorization vulnerability by using stable group identifiers instead of mutable display names in the Zalouser allowlist.
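The difference between matching on display names and matching on stable identifiers, as an added TypeScript example that is not OpenClaw's code: the types, function names and group values are hypothetical. It also includes an audit helper for spotting allowlist entries that are still names or that resolve to more than one group.

```typescript
// Illustrative model; all names and sample values are constructed, not OpenClaw's code.
interface Group { id: string; name: string }
interface Inbound { group: Group; text: string }

// Weak check: the display name is chosen by whoever controls the group.
function allowedByName(msg: Inbound, allowlist: string[]): boolean {
  return allowlist.includes(msg.group.name);
}

// Hardened check: only the platform-assigned identifier is compared.
function allowedById(msg: Inbound, allowlist: string[]): boolean {
  return allowlist.includes(msg.group.id);
}

type Finding = { entry: string; status: "id" | "name" | "ambiguous" | "unknown"; ids: string[] };

// Audit an existing allowlist against the groups the account can see:
// an entry that is a name should be replaced by the ID it resolves to,
// and a name shared by several groups must be resolved by an operator.
function auditAllowlist(allowlist: string[], visible: Group[]): Finding[] {
  return allowlist.map((entry): Finding => {
    if (visible.some((g) => g.id === entry)) return { entry, status: "id", ids: [entry] };
    const ids = visible.filter((g) => g.name === entry).map((g) => g.id);
    if (ids.length === 0) return { entry, status: "unknown", ids };
    return { entry, status: ids.length === 1 ? "name" : "ambiguous", ids };
  });
}

// Constructed sample data: two distinct groups that share one display name.
const intended: Group = { id: "g-1001", name: "Ops Team" };
const lookalike: Group = { id: "g-2002", name: "Ops Team" };
const fromLookalike: Inbound = { group: lookalike, text: "hello" };
```

An `ambiguous` finding means the allowlist entry cannot be migrated automatically and needs a manual decision about which group ID was intended.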