CVE-2026-32899
OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress
Description
### Summary

OpenClaw Slack monitor handled `reaction_*` and `pin_*` non-message events before applying sender-policy checks consistently. In affected versions, these events could be added to system-event context even when sender policy would not normally allow them.

### Affected Packages / Versions

- Package: npm `openclaw`
- Latest published affected version confirmed: `2026.2.24` (npm latest as of February 26, 2026)
- Affected range: `<= 2026.2.24`
- Patched version: `2026.2.25`

### Technical Details

- `reaction_*` and `pin_*` handlers now route through shared sender authorization (`authorizeSlackSystemEventSender`).
- Enforced checks now include:
  - DM `dmPolicy` / `allowFrom`
  - channel `users` allowlist enforcement for non-DM channels
  - channel-level allow checks before system-event enqueue
- Regression coverage added for DM allow/deny and channel-user allowlist deny paths.

### Fix Commit(s)

- `aedf62ac7e669a89c7b299201bf6537dc6b12e0e`
- `75dfb71e4e8b7c2feba5a8ca662f92ea840e0147`

### Impact

Low-severity policy-consistency issue in Slack non-message event ingress. This may introduce unexpected reaction/pin context signals from senders outside configured policy.

### Release Process Note

`patched_versions` is pre-set to planned release `2026.2.25`. Advisory published with npm release `2026.2.25`.

OpenClaw thanks @tdjackey for reporting.
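The consistency fix the Technical Details describe, as an added illustrative example that is not OpenClaw's code: one shared sender-authorization function applied to `message`, `reaction_*` and `pin_*` events alike, so a DM reaction from a sender outside `dmPolicy`/`allowFrom`, or a channel pin from a user outside the channel `users` allowlist, is dropped before anything is enqueued into system-event context. The function name echoes the advisory; the config shape, the `dmPolicy` values, the sample user/channel IDs and the D/C channel-prefix heuristic are assumptions.

```javascript
// Constructed policy (assumed shape): DM policy plus per-channel allowlists.
const policy = {
  dmPolicy: "allowlist",          // assumed values: "open" | "allowlist" | "deny"
  allowFrom: ["U_ALICE"],         // DM senders permitted under "allowlist"
  channels: {
    C_OPS: { users: ["U_ALICE", "U_BOB"] }, // channel-level users allowlist
    C_GENERAL: {},                          // no allowlist: any member passes
  },
};

// One authorization decision, shared by every Slack event type.
// Simplification: Slack DM channel IDs start with "D", channels with "C".
function authorizeSlackSystemEventSender(event, cfg) {
  if (event.channel.startsWith("D")) {
    if (cfg.dmPolicy === "open") return { allowed: true, reason: "dm open" };
    if (cfg.dmPolicy === "allowlist" && cfg.allowFrom.includes(event.user)) {
      return { allowed: true, reason: "dm allowFrom" };
    }
    return { allowed: false, reason: "dm sender not allowed" };
  }
  const chan = cfg.channels[event.channel];
  if (!chan) return { allowed: false, reason: "channel not configured" };
  if (chan.users && !chan.users.includes(event.user)) {
    return { allowed: false, reason: "user not in channel allowlist" };
  }
  return { allowed: true, reason: "channel allowed" };
}

// Ingress: message and non-message events pass the same gate before enqueue.
function ingest(events, cfg) {
  const queue = [];
  const dropped = [];
  for (const ev of events) {
    const verdict = authorizeSlackSystemEventSender(ev, cfg);
    if (!verdict.allowed) {
      dropped.push({ type: ev.type, user: ev.user, reason: verdict.reason });
      continue;
    }
    queue.push({ type: ev.type, user: ev.user, channel: ev.channel });
  }
  return { queue, dropped };
}

// Constructed sample events covering the DM deny and channel-allowlist deny paths.
const sampleEvents = [
  { type: "message", user: "U_ALICE", channel: "D_ALICE" },
  { type: "reaction_added", user: "U_GUEST", channel: "D_GUEST" },
  { type: "pin_added", user: "U_CONTRACTOR", channel: "C_OPS" },
  { type: "reaction_added", user: "U_BOB", channel: "C_OPS" },
  { type: "pin_added", user: "U_CONTRACTOR", channel: "C_GENERAL" },
];
```

Running `ingest(sampleEvents, policy)` enqueues three events and drops the DM reaction and the `C_OPS` pin, each with the reason the shared gate produced.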
How to fix CVE-2026-32899
To remediate CVE-2026-32899, upgrade the affected package to a fixed version below.
- `openclaw` (npm): upgrade to 2026.2.25 or later
Is CVE-2026-32899 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- `openclaw` (npm): from 0, < 2026.2.25