CVE-2026-27484: OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin user could request moderation actions by spoofing sender identity fields.
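The class of flaw described above, shown as a weak authorization check beside a hardened one. This is an added illustration, not OpenClaw's code or the project's actual fix; the function names, the `discord_moderation` tool name, the permission labels and the user IDs are all hypothetical and constructed for the example.

```javascript
// Added illustration; every name here is hypothetical, not OpenClaw's API.
// Constructed guild state: permission labels held by each Discord user ID.
const guildPermissions = new Map([
  ["1001", new Set(["BAN_MEMBERS", "KICK_MEMBERS", "MODERATE_MEMBERS"])], // admin
  ["2002", new Set()], // regular member
]);

// Permission each moderation action requires (a Map, so names such as
// "constructor" cannot resolve through an object prototype).
const REQUIRED = new Map([
  ["ban", "BAN_MEMBERS"],
  ["kick", "KICK_MEMBERS"],
  ["timeout", "MODERATE_MEMBERS"],
]);

function hasPermission(userId, action) {
  const needed = REQUIRED.get(action);
  const held = guildPermissions.get(userId);
  return Boolean(needed && held && held.has(needed));
}

// Weak: the identity is read from the tool-call arguments, which are built
// from request content and can name any user.
function authorizeFromToolArgs(toolCall) {
  return hasPermission(toolCall.args.senderUserId, toolCall.args.action);
}

// Hardened: the identity comes only from the context the gateway recorded when
// it received the Discord event. A sender field in the arguments is never used
// for the decision, and a mismatch is denied so it can be logged.
function authorizeFromTrustedContext(toolCall, trustedCtx) {
  const authorId = trustedCtx && trustedCtx.authorId;
  if (typeof authorId !== "string") return { allowed: false, reason: "no trusted sender" };
  const claimed = toolCall.args.senderUserId;
  if (claimed !== undefined && claimed !== authorId) {
    return { allowed: false, reason: "sender mismatch" };
  }
  if (!hasPermission(authorId, toolCall.args.action)) {
    return { allowed: false, reason: "missing permission" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed request: written by member 2002, arguments claim admin 1001.
const spoofedCall = { name: "discord_moderation", args: { action: "ban", targetUserId: "3003", senderUserId: "1001" } };
const eventCtx = { authorId: "2002" };
console.log(authorizeFromToolArgs(spoofedCall), authorizeFromTrustedContext(spoofedCall, eventCtx));
```

The "sender mismatch" denial is also a useful detection signal: a request whose claimed sender differs from the platform-reported author is worth logging and alerting on.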
References
- github.com/advisories/GHSA-wh94-p5m6-mr7j
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/775816035ecc6bb243843f8000c9a58ff609e32d
- github.com/openclaw/openclaw/releases/tag/v2026.2.19
- github.com/openclaw/openclaw/security/advisories/GHSA-wh94-p5m6-mr7j
- nvd.nist.gov/vuln/detail/CVE-2026-27484