CVE-2026-28392
OpenClaw · OpenClaw
OpenClaw versions prior to 2026.2.14 contain a privilege escalation flaw in the Slack slash-command handler that allows unauthorized users to execute privileged commands via direct messages.
Executive summary
A privilege escalation vulnerability in OpenClaw’s Slack integration allows attackers to bypass security restrictions and execute administrative commands via direct messages.
Vulnerability
The vulnerability exists in the Slack slash-command handler when the dmPolicy is configured to "open." This allows an authenticated Slack user to bypass allowlist and access-group restrictions by sending direct messages that the system incorrectly authorizes as privileged commands.
Business impact
This flaw allows standard users or external entities with DM access to escalate their privileges to an administrative level within the OpenClaw environment. Successful exploitation can lead to unauthorized system changes, data access, and the bypass of established security governance. The CVSS score of 9.8 highlights the critical risk associated with unauthorized command execution in a trusted communication platform.
Remediation
Immediate Action: Upgrade OpenClaw to version 2026.2.14 or later to ensure the slash-command handler correctly validates user permissions.
Proactive Monitoring: Audit Slack integration logs and OpenClaw command execution history for any suspicious or unauthorized slash commands initiated via direct messages.
Compensating Controls: Temporarily disable the "open" dmPolicy configuration or restrict Slack DM access to the OpenClaw bot until the patch is applied.
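The authorization mistake described under Vulnerability, beside a hardened form, plus the retroactive audit suggested under Proactive Monitoring, as an added illustration that is not OpenClaw's code: the dmPolicy values, the allowlist and adminGroup names, the record shape and the sample data are assumed stand-ins for the settings the advisory names.

```typescript
// Added illustration, not OpenClaw's code; names and data are hypothetical.
type DmPolicy = "open" | "allowlist";

interface SlashCommand {
  userId: string;
  channelType: "dm" | "channel";
  privileged: boolean; // true for admin-level subcommands
}

interface Config {
  dmPolicy: DmPolicy;
  allowlist: Set<string>;  // users who may DM the bot under "allowlist"
  adminGroup: Set<string>; // access group permitted to run privileged commands
}

// Vulnerable pattern: an "open" DM policy is read as authorization for
// anything arriving by DM, so the access-group check is never reached.
function authorizeVulnerable(cmd: SlashCommand, cfg: Config): boolean {
  if (cmd.channelType === "dm" && cfg.dmPolicy === "open") return true; // bug
  if (cmd.channelType === "dm" && !cfg.allowlist.has(cmd.userId)) return false;
  return !cmd.privileged || cfg.adminGroup.has(cmd.userId);
}

// Hardened pattern: dmPolicy decides only whether a DM is accepted at all;
// privileged subcommands always require access-group membership.
function authorizeHardened(cmd: SlashCommand, cfg: Config): boolean {
  const dmAccepted = cmd.channelType !== "dm" ||
    cfg.dmPolicy === "open" || cfg.allowlist.has(cmd.userId);
  if (!dmAccepted) return false;
  return !cmd.privileged || cfg.adminGroup.has(cmd.userId);
}

// Retroactive audit of command-execution history: flags privileged commands
// that ran from a DM for a user outside the access group.
interface ExecRecord extends SlashCommand { ts: string }

function auditHistory(log: ExecRecord[], cfg: Config): ExecRecord[] {
  return log.filter(r =>
    r.channelType === "dm" && r.privileged && !cfg.adminGroup.has(r.userId));
}

// Constructed sample data, not taken from a real deployment.
const sampleConfig: Config = {
  dmPolicy: "open", allowlist: new Set(["U_ALICE"]), adminGroup: new Set(["U_ALICE"]),
};
const sampleLog: ExecRecord[] = [
  { ts: "2026-02-10T09:00:00Z", userId: "U_ALICE", channelType: "dm", privileged: true },
  { ts: "2026-02-10T09:05:00Z", userId: "U_MALLORY", channelType: "dm", privileged: true },
  { ts: "2026-02-10T09:06:00Z", userId: "U_MALLORY", channelType: "dm", privileged: false },
];
```

Running auditHistory(sampleLog, sampleConfig) returns only the privileged DM command from U_MALLORY, the entry a defender would want to review.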
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations utilizing OpenClaw with Slack integrations must immediately verify their dmPolicy settings and apply the 2026.2.14 update. Given the privilege escalation potential, it is critical to ensure that only authorized personnel can trigger backend operations through chat interfaces.