AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-x2ff-j5c2-ggpr: OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows

highvulnerability

security

Source: GitHub Advisory DatabaseMarch 4, 2026

Summary

OpenClaw, a Slack integration tool, had a security flaw where some interactive callbacks (actions triggered by users in Slack, like button clicks) could skip sender authorization checks in shared workspaces. This meant an unauthorized workspace member could inject system messages into an active session, though the flaw did not allow unauthenticated access or broader system compromise.

Solution / Mitigation

Update to OpenClaw version 2026.2.25 or later. The fix is included in npm release 2026.2.25, which addresses the authorization check bypass in interactive callbacks.

Classification

Attack Type

Prompt Injection

Attack SophisticationModerate

Impact (CIA+S)

integrity

AI Component TargetedAgent

Affected Vendors

Affected Packages

openclaw@<= 2026.2.24 (fixed: 2026.2.25)

Related Issues

high

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Similar attackEmbrace The Red

medium

CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act

First tracked: March 4, 2026 at 03:00 PM

Classified by LLM (prompt v3) · confidence: 85%