Product
A vulnerability exists in OpenClaw versions prior to 2026.3.22 where Synology Chat reply delivery can be rebound to a mutable username match instead of the stable numeric user_id, potentially leading to information disclosure or privilege escalation.