GHSA-vfg3-pqpq-93m4: OpenClaw: Tlon cite expansion happens before channel and DM authorization is complete

March 26, 2026

Tlon cite expansion happened before channel and DM authorization completed, allowing cite work and content handling before the final auth decision.

References

github.com/advisories/GHSA-vfg3-pqpq-93m4
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93
github.com/openclaw/openclaw/commit/ebee4e2210e1f282a982c7ef2ad79d77a572fc87
github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4

Code Behaviors & Features

Detect and mitigate GHSA-vfg3-pqpq-93m4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →