OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec app…

OpenClaw versions before 2026.3.28 contain a critical authorization bypass vulnerability in Discord text approval commands. The vulnerability allows non-authorized users to resolve pending execution approvals by sending Discord text commands that bypass the channels.discord.execApprovals.approvers allowlist. Attackers can exploit this flaw to approve pending host execution requests without proper authorization. This represents a significant security risk as it undermines the approval process for host execution commands. Organizations using OpenClaw should immediately upgrade to version 2026.3.28 or later to mitigate this vulnerability.