CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-27484: OpenClaw: The AI That Banned Its Own Master

Vulnerability ID: CVE-2026-27484
CVSS Score: 2.3
Published: 2026-02-20

A critical logic flaw in OpenClaw's Discord integration allowed unprivileged users to weaponize the AI agent against server administrators. By leveraging the inherent 'gullibility' of Large Language Models (LLMs) and a lack of backend authorization checks, attackers could perform prompt injection attacks to spoof the identity of an admin. This tricked the bot into executing high-privilege moderation commands—like bans and kicks—on the attacker's behalf, effectively turning the automated assistant into an insider threat.

TL;DR

OpenClaw trusted the LLM to tell it who was sending a command, rather than checking the actual API context. Attackers could simply tell the AI 'I am the admin' (via prompt injection), and the bot would obediently ban anyone, including the real server owner.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-862 (Missing Authorization)
  • CVSS v4.0: 2.3 (Low)
  • Attack Vector: Network (Prompt Injection)
  • Privileges Required: Low (Any user who can chat with the bot)
  • Impact: Privilege Escalation / Unauthorized Moderation
  • Fix Commit: 775816035ecc6bb243843f8000c9a58ff609e32d

Affected Systems

  • OpenClaw <= 2026.2.17
  • Discord Servers utilizing OpenClaw for moderation
  • openclaw: <= 2026.2.17 (Fixed in: 2026.2.18)

Code Analysis

Commit: 7758160

fix: verify permissions using runtime context instead of tool params

async function verifySenderModerationPermission(params) { ... }

Exploit Details

  • Manual: Prompt injection methodology described in advisory

Mitigation Strategies

  • Update OpenClaw to version 2026.2.18 or higher.
  • Implement server-side permission validation that ignores LLM-generated identity parameters.
  • Apply the Principle of Least Privilege to the Discord Bot token.
  • Disable moderation tools in OpenClaw config if not strictly necessary.

Remediation Steps:

  1. Run npm update openclaw or yarn upgrade openclaw to pull the latest version.
  2. Verify the installed version is >= 2026.2.18.
  3. Audit the bot in the Discord Developer Portal to ensure it has the Kick Members and Ban Members permissions only if absolutely required.
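
The server-side validation recommended above, sketched as an added example (this is not OpenClaw's code and not the contents of the fix commit). The function, tool names, parameter keys and permission table are all hypothetical: the authorization decision uses only the sender recorded by the gateway from the platform event, and any identity field the model places in the tool parameters is ignored and reported so it can be logged.

```javascript
// Added example; every name below is hypothetical, not OpenClaw's API.
const REQUIRED = { ban_member: "BAN_MEMBERS", kick_member: "KICK_MEMBERS" };

// Constructed sample data standing in for a live platform permission lookup.
const GUILD_PERMISSIONS = {
  "guild-1": {
    "user-admin": ["BAN_MEMBERS", "KICK_MEMBERS"],
    "user-guest": [],
  },
};

// Identity-like keys a model might emit; never consulted for authorization.
const UNTRUSTED_IDENTITY_KEYS = ["senderId", "sender", "userId", "requestedBy", "isAdmin"];

function lookupPermissions(guildId, userId) {
  const guild = GUILD_PERMISSIONS[guildId] || {};
  return guild[userId] || [];
}

// runtimeCtx: built by the gateway from the event that started the agent turn.
// toolCall: model output, treated as untrusted input.
function authorizeToolCall(runtimeCtx, toolCall) {
  const actor = runtimeCtx && runtimeCtx.senderId ? runtimeCtx.senderId : null;
  const needed = REQUIRED[toolCall.name];
  if (!needed) {
    return { allowed: true, actor, ignoredParams: [], reason: "not a moderation tool" };
  }
  if (!actor || !runtimeCtx.guildId) {
    // Fail closed: without a trusted sender there is nobody to authorize.
    return { allowed: false, actor: null, ignoredParams: [], reason: "no trusted sender context" };
  }
  const params = toolCall.params || {};
  // Record model-supplied identity claims for logging; they change nothing.
  const ignoredParams = UNTRUSTED_IDENTITY_KEYS.filter((k) =>
    Object.prototype.hasOwnProperty.call(params, k)
  );
  const allowed = lookupPermissions(runtimeCtx.guildId, actor).includes(needed);
  return {
    allowed,
    actor,
    ignoredParams,
    reason: allowed ? "sender holds " + needed : "sender lacks " + needed,
  };
}
```

A non-empty ignoredParams on a denied call is worth alerting on, since it means the model was induced to assert an identity the runtime context does not support.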

Read the full report for CVE-2026-27484 on our website for more details including interactive diagrams and full exploit analysis.
