What are the five OpenClaw zero-day vulnerabilities discovered in June 2026?

Five zero-day flaws found in OpenClaw channel extensions for Slack, Discord, Matrix, Zalo, and Microsoft Teams. They all share the same root cause: display names are resolved to stable user IDs during service initialization, allowing attackers to impersonate trusted users.

How does the OpenClaw allowlist identity resolution bypass work?

During service startup, OpenClaw resolves allowlist entries via directory lookups based on mutable fields like displayName. An attacker changes their display name to match an allowlisted user before a restart, and the system binds the attacker's ID into the trusted list.

Was the OpenClaw allowlist bypass previously patched?

Yes. The same bug was identified and patched in the Telegram integration under advisory GHSA-mj5r-hh7j-4gxf. However, five other channel extensions independently reintroduced the same insecure pattern.

Who discovered the five OpenClaw channel allowlist zero-days?

The vulnerabilities were discovered by security researcher Philip Garabandic.

Which OpenClaw channels are affected by the identity resolution bypass?

Slack, Discord, Matrix, Zalo, and Microsoft Teams channel extensions are all affected. The Telegram fix did not propagate to these implementations.

← Back to dashboard

clawsmith.com/signal/openclaw-five-0day-channel-allowlist-identity-bypass-june-2026

⚠ IssueUnknownLive

Five OpenClaw 0-Days: Channel Allowlist Identity Resolution Bypass Across Slack, Discord, Matrix, Zalo, Teams

Five zero-day vulnerabilities found in OpenClaw channel extensions (Slack, Discord, Matrix, Zalo, Microsoft Teams) all share the same root cause: human-readable display names resolved to stable user IDs during service initialization. Attackers can impersonate trusted users by renaming themselves before a service restart. Originally patched in Telegram (GHSA-mj5r-hh7j-4gxf) but reintroduced independently in five other channels. Discovered by Philip Garabandic.

Product Idea from this Signal

A security policy engine that validates OpenClaw deployments against enterprise compliance rules before they go live

1.2k ▲

Microsoft just deployed OpenClaw to 3,000 employees via Project Lobster while their own Defender team warns to treat it as untrusted code execution. Meanwhile 138+ CVEs have been filed in 63 days and Cisco called it a security nightmare. Enterprises want OpenClaw but security teams are blocking it. This tool sits between the deployment decision and the live instance, running a compliance check against corporate security policies (auth enabled, CVE patches applied, network exposure limited, plugin allowlists enforced) and generating a pass/fail report with remediation steps.

CLIOPEN-SOURCESECURITYENTERPRISECOMPLIANCE

UnderservedView Opportunity →