CVE-2026-32050: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
In a narrow Signal reaction-notification path, reaction-only inbound events could enqueue a status event before sender access checks were applied.
References
- github.com/advisories/GHSA-792q-qw95-f446
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/2aa7842adeedef423be7ce283a9144b9f1a0a669
- github.com/openclaw/openclaw/security/advisories/GHSA-792q-qw95-f446
- nvd.nist.gov/vuln/detail/CVE-2026-32050
- www.vulncheck.com/advisories/openclaw-unauthorized-reaction-status-event-enqueue-via-access-check-bypass