PatchSiren cyber security CVE debrief

CVE-2026-32906 OpenClaw CVE debrief

A privilege escalation vulnerability in OpenClaw before version 2026.5.12 allows exec-authorized users to resolve plugin approvals through the exec approver gate, bypassing intended approval splits. Attackers with limited exec approval permissions can approve plugin actions outside operator configuration. The vulnerability is classified as CWE-863 (Incorrect Authorization) and carries a LOW severity CVSS 4.0 score of 2.3. The issue was published to the NVD on 2026-05-29 and remains under analysis.

Vendor
OpenClaw
Product
Unknown
CVSS
LOW 2.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-29
Original CVE updated
2026-05-29
Advisory published
2026-05-29
Advisory updated
2026-05-29

Who should care

Organizations using OpenClaw for Slack plugin management with multi-level approval workflows. Security teams responsible for authorization controls and separation of duties in CI/CD or plugin deployment pipelines.

Technical summary

The vulnerability exists in the Slack plugin approval mechanism of OpenClaw. Users with exec authorization can resolve plugin approvals through the exec approver gate, effectively bypassing the configured approval splits. This lets an attacker holding only limited exec approval permissions approve plugin actions that should require a separate, operator-configured approval. Per the published CVSS 4.0 vector, the attack is network-reachable (AV:N) with low privileges (PR:L) and low attack complexity (AC:L); the attack-requirements metric is set (AT:P) because the attacker must already hold exec authorization.

Defensive priority

LOW

Recommended defensive actions

  • Upgrade OpenClaw to version 2026.5.12 or later to remediate this vulnerability.
  • Review and audit Slack plugin approval configurations to ensure proper separation of duties between exec and non-exec approvers.
  • Monitor audit logs for unauthorized plugin approvals that may indicate exploitation of this vulnerability.
  • Verify that plugin approval workflows enforce intended approval splits and cannot be bypassed by users with limited exec permissions.
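As an added illustration of the last two points above, and not code from OpenClaw or PatchSiren, the following Python model checks constructed audit records for approvals resolved outside an operator-configured split; the record fields, grant names and policy table are assumptions.

```python
"""Audit-log check for a split-approval bypass (CWE-863 pattern).

Hypothetical model, not OpenClaw code: each approval record names the
approval kind ("exec" or "plugin"), the gate that resolved it, and the
grants held by the resolving user. A plugin approval resolved through the
exec gate, or by a user holding only exec grants, is reported as a finding.
"""
import json

# Operator-configured split: which grant may resolve which approval kind.
# Constructed policy table; real deployments define their own.
APPROVAL_SPLIT = {"exec": {"exec-approver"}, "plugin": {"plugin-approver"}}


def is_authorized(kind: str, gate: str, grants: set) -> bool:
    """Correct check: the approval kind must match the gate that resolved it,
    and the resolver must hold a grant configured for that kind."""
    if gate != kind:
        return False
    return bool(APPROVAL_SPLIT.get(kind, set()) & grants)


def find_bypasses(log_lines: list) -> list:
    """Return audit records where an approval was resolved outside the split."""
    findings = []
    for line in log_lines:
        rec = json.loads(line)
        if rec.get("event") != "approval.resolved":
            continue  # only resolution events can bypass the split
        if not is_authorized(rec["kind"], rec["gate"], set(rec["grants"])):
            findings.append(rec)
    return findings


# Constructed sample audit records (JSON lines), not real OpenClaw output.
SAMPLE_LOG = [
    '{"event":"approval.resolved","id":"a1","kind":"exec","gate":"exec","user":"alice","grants":["exec-approver"]}',
    '{"event":"approval.resolved","id":"a2","kind":"plugin","gate":"plugin","user":"bob","grants":["plugin-approver"]}',
    '{"event":"approval.resolved","id":"a3","kind":"plugin","gate":"exec","user":"alice","grants":["exec-approver"]}',
    '{"event":"approval.requested","id":"a4","kind":"plugin","user":"carol"}',
]

if __name__ == "__main__":
    for rec in find_bypasses(SAMPLE_LOG):
        print(f"split bypass: approval {rec['id']} ({rec['kind']}) "
              f"resolved via {rec['gate']} gate by {rec['user']}")
```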

Evidence notes

CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. Weakness: CWE-863.

Official resources

The vulnerability was disclosed via GitHub Security Advisory GHSA-wv26-j37q-2g7p and a VulnCheck advisory.