Slack Privilege Escalation (CVE-2026-28392)
CVE-2026-28392
OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open ...
Overview
A critical privilege escalation vulnerability has been identified in OpenClaw, a security automation platform. This flaw allows unauthorized users to bypass critical security controls and execute highly privileged commands within a Slack workspace.
Vulnerability Details
In OpenClaw versions before 2026.2.14, a specific configuration setting creates a dangerous security hole. The platform’s handler for Slack slash commands contains a logic error. When the dmPolicy setting is configured to “open,” the system incorrectly authorizes any user who sends a command via a direct message (DM) in Slack.
This bypasses two core security layers:
- Command Allowlists: The list of approved slash commands is ignored.
- Access-Group Restrictions: The system does not check if the user is a member of the required security groups.
Essentially, if this setting is enabled, any member of your Slack workspace could send a direct message to the OpenClaw bot and run commands with elevated privileges, without proper authorization.
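The logic error described above is easiest to see side by side with a correct version. The following TypeScript is an added illustration written for this page, not OpenClaw's source: the type and function names (`SlashCommand`, `AuthzConfig`, `authorizeVulnerable`, `authorizeFixed`) and the sample configuration are hypothetical. It models the flaw as an "open" DM policy being treated as full authorization, so the command allowlist and access-group checks never run for DM senders, and shows the fixed shape where `dmPolicy` only decides whether a DM is accepted as a delivery channel.

```typescript
// Added example: a model of the authorization flow the advisory describes, not
// OpenClaw's code. All names below are hypothetical.

type DmPolicy = "open" | "allowlist" | "closed";

interface SlashCommand {
  command: string;                // slash command name, e.g. "/status"
  userId: string;                 // Slack user id of the sender
  channelType: "im" | "channel";  // "im" = direct message to the bot
}

interface AuthzConfig {
  dmPolicy: DmPolicy;
  dmAllowlist: Set<string>;                // senders permitted to DM when dmPolicy is "allowlist"
  commandAllowlist: Set<string>;           // slash commands approved for execution
  accessGroups: Map<string, Set<string>>;  // command -> user ids allowed to run it
}

// Command allowlist and access-group checks; these must run on every path.
function checkCommandAndGroup(cmd: SlashCommand, cfg: AuthzConfig): boolean {
  if (!cfg.commandAllowlist.has(cmd.command)) return false;
  const group = cfg.accessGroups.get(cmd.command);
  return group !== undefined && group.has(cmd.userId);
}

// Vulnerable shape: an "open" DM policy is treated as full authorization, so the
// allowlist and access-group checks are skipped for any DM sender.
function authorizeVulnerable(cmd: SlashCommand, cfg: AuthzConfig): boolean {
  if (cmd.channelType === "im" && cfg.dmPolicy === "open") {
    return true; // BUG: short-circuits every later check
  }
  return checkCommandAndGroup(cmd, cfg);
}

// Hardened shape: dmPolicy decides only whether a DM is accepted as a delivery
// channel; the command allowlist and access groups are always enforced afterwards.
function authorizeFixed(cmd: SlashCommand, cfg: AuthzConfig): boolean {
  if (cmd.channelType === "im") {
    if (cfg.dmPolicy === "closed") return false;
    if (cfg.dmPolicy === "allowlist" && !cfg.dmAllowlist.has(cmd.userId)) return false;
    // "open": the DM is accepted, but that grants nothing by itself.
  }
  return checkCommandAndGroup(cmd, cfg);
}

// Constructed configuration: dmPolicy "open", one privileged command, one operator.
const SAMPLE_CONFIG: AuthzConfig = {
  dmPolicy: "open",
  dmAllowlist: new Set(["U_OPERATOR"]),
  commandAllowlist: new Set(["/admin-reset"]),
  accessGroups: new Map([["/admin-reset", new Set(["U_OPERATOR"])]]),
};

// Runs one command through both authorizers so the difference is visible.
function compare(
  cmd: SlashCommand,
  cfg: AuthzConfig = SAMPLE_CONFIG,
): { vulnerable: boolean; fixed: boolean } {
  return { vulnerable: authorizeVulnerable(cmd, cfg), fixed: authorizeFixed(cmd, cfg) };
}

// Any workspace member DMing a privileged command: allowed by the buggy logic only.
console.log(compare({ command: "/admin-reset", userId: "U_GUEST", channelType: "im" }));
// The operator, who is in the access group: allowed by both.
console.log(compare({ command: "/admin-reset", userId: "U_OPERATOR", channelType: "im" }));
```

The point of the fixed version is that `dmPolicy` and the command/group checks answer different questions: the first is "may this channel deliver commands at all", the second is "may this user run this command". A correct handler never lets an answer to the first stand in for the second, which is why the `checkCommandAndGroup` call sits outside the DM branch.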
Potential Impact
The severity of this vulnerability is CRITICAL (CVSS Score: 9.8). Successful exploitation could allow an attacker, including a low-privileged or compromised user account, to:
- Execute arbitrary administrative commands on the OpenClaw platform.
- Access, modify, or delete sensitive security automation data and workflows.
- Potentially use OpenClaw’s integrations to move laterally to other connected systems within your environment.
- Disrupt security operations and incident response processes.
Remediation and Mitigation
Immediate action is required to secure affected systems.
Primary Remediation: The only complete fix is to upgrade your OpenClaw installation to version 2026.2.14 or later. This update corrects the authorization logic. Consult the official OpenClaw documentation for upgrade procedures.
Immediate Mitigation (If Upgrade is Not Immediately Possible):
- Change the Configuration: Immediately check and modify the dmPolicy setting in your OpenClaw configuration. It must not be set to “open.” Set it to a more restrictive policy such as “allowlist” or “closed” according to your operational needs. This change will block the primary exploitation path.
- Review Audit Logs: Examine OpenClaw and Slack audit logs for any unusual slash command activity, particularly from unexpected users or via direct messages, prior to applying the fix.
- Principle of Least Privilege: As a general best practice, review and tighten user permissions within your Slack workspace connected to OpenClaw.
After applying the upgrade or configuration change, verify that slash command authorization is functioning correctly by testing commands from both authorized and unauthorized users.
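For the audit-log review step, the following TypeScript is an added example, not OpenClaw's or Slack's tooling. The JSON-lines record shape (`ts`, `userId`, `channelType`, `command`, `outcome`) and the sample lines are constructed for illustration; adapt the field names to the export you are actually reviewing. It flags executed slash commands that arrived via DM from someone outside the expected operator set, and executed commands that are not on the command allowlist at all, since under the bug both can succeed when dmPolicy is "open".

```typescript
// Added example for reviewing slash-command audit logs, not OpenClaw's code.
// The record shape and sample lines below are constructed, not a real export format.

interface AuditEvent {
  ts: string;
  userId: string;
  channelType: string;  // "im" for a direct message to the bot
  command: string;
  outcome: string;      // "executed" or "denied"
}

interface Finding {
  event: AuditEvent;
  reasons: string[];
}

// Parses one JSON record per line; malformed lines are skipped so one bad
// line does not abort the review.
function parseAuditLog(text: string): AuditEvent[] {
  const events: AuditEvent[] = [];
  for (const line of text.split("\n")) {
    const trimmed = line.trim();
    if (trimmed === "") continue;
    try {
      const rec = JSON.parse(trimmed);
      if (typeof rec.userId === "string" && typeof rec.command === "string") {
        events.push(rec as AuditEvent);
      }
    } catch {
      // not JSON: skip
    }
  }
  return events;
}

// Flags executed commands that (a) came via DM from a user outside the expected
// operator set, or (b) are not on the command allowlist. Denied attempts are
// skipped here; they are worth a separate look but are not the bypass indicator.
function findSuspiciousCommands(
  events: AuditEvent[],
  expectedOperators: Set<string>,
  commandAllowlist: Set<string>,
): Finding[] {
  const findings: Finding[] = [];
  for (const ev of events) {
    if (ev.outcome !== "executed") continue;
    const reasons: string[] = [];
    if (ev.channelType === "im" && !expectedOperators.has(ev.userId)) {
      reasons.push("executed via DM by a user outside the expected operator set");
    }
    if (!commandAllowlist.has(ev.command)) {
      reasons.push("executed command is not on the command allowlist");
    }
    if (reasons.length > 0) findings.push({ event: ev, reasons });
  }
  return findings;
}

// Constructed sample log (not real OpenClaw or Slack output).
const SAMPLE_LOG = [
  '{"ts":"2026-02-10T09:12:03Z","userId":"U_OPERATOR","channelType":"channel","command":"/status","outcome":"executed"}',
  '{"ts":"2026-02-10T09:15:44Z","userId":"U_GUEST","channelType":"im","command":"/status","outcome":"executed"}',
  '{"ts":"2026-02-10T09:16:02Z","userId":"U_GUEST","channelType":"im","command":"/admin-reset","outcome":"executed"}',
  '{"ts":"2026-02-10T09:20:11Z","userId":"U_OPERATOR","channelType":"im","command":"/debug-dump","outcome":"executed"}',
  '{"ts":"2026-02-10T09:21:30Z","userId":"U_GUEST","channelType":"im","command":"/admin-reset","outcome":"denied"}',
  "garbage line that is not JSON",
].join("\n");

// Review the constructed sample with one expected operator and two approved commands.
function reviewSampleLog(): Finding[] {
  return findSuspiciousCommands(
    parseAuditLog(SAMPLE_LOG),
    new Set(["U_OPERATOR"]),
    new Set(["/status", "/admin-reset"]),
  );
}

for (const f of reviewSampleLog()) {
  console.log(`${f.event.ts} ${f.event.userId} ${f.event.command}: ${f.reasons.join("; ")}`);
}
```

On the sample, the two DM-issued commands from `U_GUEST` and the operator's execution of a non-allowlisted command are reported; the channel-issued `/status` and the denied attempt are not. Any "executed" record that this kind of review surfaces is worth correlating with the Slack-side audit log before and after the fix is applied.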