OpenClaw < 2026.3.31 - Access Control Bypass in Discord Voice Manager via Channel Allowlist

OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is performed, gaining unauthorized access to restricted voice channels.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

授权机制不正确

OpenClaw 安全漏洞

OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.31之前版本存在安全漏洞，该漏洞源于Discord语音管理器中的访问控制绕过漏洞，允许攻击者绕过通道级成员访问允许列表限制。攻击者可以在通道允许列表授权之前发送Discord语音入口请求，获得对受限语音通道的未授权访问。

N/A

N/A