CVE-2026-32005
OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows
Description
## Impact In shared Slack workspace deployments that rely on sender restrictions (`allowFrom`, DM policy, or channel user allowlists), some interactive callbacks (`block_action`, `view_submission`, `view_closed`) could be accepted before full sender authorization checks. In that scenario, an unauthorized workspace member could enqueue system-event text into an active session. This issue did not provide unauthenticated access, cross-gateway isolation bypass, or host-level privilege escalation by itself. ## Affected Packages / Versions - Package: `openclaw` (npm) - Vulnerable versions: `<= 2026.2.24` - Patched version: `2026.2.25` (planned next npm release) ## Fix Commit(s) - `ce8c67c314b93f570f53c2a9abc124e1e3a54715` ## Release Process Note `patched_versions` is pre-set to the release (`2026.2.25`). Advisory published with npm release `2026.2.25`. ## Trust Model Scope Note OpenClaw does not support adversarial multi-user isolation on a single shared gateway instance. The supported model is one trust boundary per gateway (separate gateways/hosts for mutually untrusted users). See: https://docs.openclaw.ai/gateway/security OpenClaw thanks @tdjackey for reporting.
How to fix CVE-2026-32005
To remediate CVE-2026-32005, upgrade the affected package to a fixed version below.
- —upgrade to 2026.2.25 or later
Is CVE-2026-32005 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.2.25