GHSA-792q-qw95-f446: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks

March 3, 2026

In a narrow Signal reaction-notification path, reaction-only inbound events could enqueue a status event before sender access checks were applied.

References

github.com/advisories/GHSA-792q-qw95-f446
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/2aa7842adeedef423be7ce283a9144b9f1a0a669
github.com/openclaw/openclaw/security/advisories/GHSA-792q-qw95-f446

Code Behaviors & Features

Detect and mitigate GHSA-792q-qw95-f446 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →