Tag
OpenClaw before 2026.4.15 contains an authorization bypass vulnerability that allows attackers with DM-paired sender IDs to execute room control commands without being in configured allowlists, potentially enabling privileged OpenClaw behavior by posting in bot rooms.