CVE-2026-27484 - OpenClaw Discord moderation authorization used untrusted sender identity in tool...

CVE ID : CVE-2026-27484 Published : Feb. 21, 2026, 10:16 a.m. | 57 minutes ago Description : OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin user can request moderation actions by spoofing sender identity fields. This issue has been fixed in version 2026.2.18. Severity: 2.3 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...