{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27484", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-19T19:46:03.541Z", "datePublished": "2026-02-21T09:21:16.568Z", "dateUpdated": "2026-02-24T18:14:56.099Z"}, "containers": {"cna": {"title": "OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wh94-p5m6-mr7j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wh94-p5m6-mr7j"}, {"name": "https://github.com/openclaw/openclaw/commit/775816035ecc6bb243843f8000c9a58ff609e32d", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/commit/775816035ecc6bb243843f8000c9a58ff609e32d"}, {"name": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19"}], "affected": [{"vendor": "openclaw", "product": "openclaw", "versions": [{"version": "< 2026.2.18", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-21T09:21:16.568Z"}, "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin user can request moderation actions by spoofing sender identity fields. This issue has been fixed in version 2026.2.18."}], "source": {"advisory": "GHSA-wh94-p5m6-mr7j", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T18:14:34.555014Z", "id": "CVE-2026-27484", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:14:56.099Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27484", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-24T18:14:34.555014Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:14:48.074Z"}}], "cna": {"title": "OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows", "source": {"advisory": "GHSA-wh94-p5m6-mr7j", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "openclaw", "product": "openclaw", "versions": [{"status": "affected", "version": "< 2026.2.18"}]}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wh94-p5m6-mr7j", "name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wh94-p5m6-mr7j", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/openclaw/openclaw/commit/775816035ecc6bb243843f8000c9a58ff609e32d", "name": "https://github.com/openclaw/openclaw/commit/775816035ecc6bb243843f8000c9a58ff609e32d", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19", "name": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin user can request moderation actions by spoofing sender identity fields. This issue has been fixed in version 2026.2.18."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-21T09:21:16.568Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27484", "state": "PUBLISHED", "dateUpdated": "2026-02-24T18:14:56.099Z", "dateReserved": "2026-02-19T19:46:03.541Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-21T09:21:16.568Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7FCEB318-0B88-45F7-8AC7-5860166A7AC5", "versionEndIncluding": "2026.2.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin user can request moderation actions by spoofing sender identity fields. This issue has been fixed in version 2026.2.18."}], "id": "CVE-2026-27484", "lastModified": "2026-02-23T20:44:09.190", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-21T10:16:12.557", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openclaw/openclaw/commit/775816035ecc6bb243843f8000c9a58ff609e32d"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wh94-p5m6-mr7j"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2026.2.18)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openclaw", "source": "cna", "vendor": "openclaw"}, "product": "openclaw", "vendor": "openclaw"}], "analysis": {"en": {"generated_at": "2026-04-17T16:48:22.150140+00:00", "value": {"mitigation_remediation": ["Upgrade OpenClaw to version 2026.2.18 or later", "Limit the bot\u2019s guild permissions to only those necessary for moderation and ensure that only authorized administrators can trigger tool-driven moderation flows", "Enable monitoring and logging of all moderation actions to detect and investigate suspicious activity"], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "This issue affects the OpenClaw AI assistant, distributed under the vendor name OpenClaw by OpenClaw. All installations running version 2026.2.17 or older are vulnerable. The product is built on a Node.js runtime, and the affected component is the Discord moderation action handling module.", "description_and_impact": "The vulnerability stems from the Discord moderation handler in OpenClaw versions 2026.2.17 and earlier. The handler accepts a sender identity supplied in request parameters when processing moderation actions, instead of verifying the sender through the bot\u2019s runtime context. Because of this flaw, a non-admin user can forge these parameters to make the bot perform timeout, kick, or ban actions with the same effect as an authorized moderator. This grants the attacker unauthorized moderation control, which compromises the integrity of the Discord community. The weakness is classed as CWE\u2011862, Authentication Failure.", "risk_and_exploitability": "The CVSS base score is 2.3, indicating a low severity impact on confidentiality, integrity, and availability. EPSS is less than 1\u202f%, meaning the probability of exploitation is very low, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers can exploit the flaw by sending crafted requests to the bot\u2019s endpoint while possessing a Discord account that can initiate tool-driven flows. The exploit requires the bot to have moderation permissions within the guild, but it does not require any escalated privileges on the host system, so the risk is bounded to the Discord server\u2019s control. Nevertheless, organizations that expose the bot to untrusted users should patch promptly to eliminate the possibility of abuse."}}}}, "created": "2026-02-23T14:32:11.915337+00:00", "updated": "2026-04-17T17:00:10.155060+00:00", "vendors": ["openclaw", "openclaw$PRODUCT$openclaw"]}