In openclaw versions 2026.2.22 and 2026.2.23, the optional synology-chat channel plugin had an authorization fail-open condition: when dmPolicy was allowlist and allowedUserIds was empty/unset, unauthorized senders were still allowed through to agent dispatch.
This is assessed as medium severity because it requires channel/plugin setup and Synology sender access, but can still trigger downstream agent/tool actions.
openclaw (npm)>= 2026.2.22, <= 2026.2.232026.2.232026.2.24Root cause was a policy mismatch across plugin code paths:
1. Default resolved DM policy was allowlist.
2. Empty allowedUserIds was treated as allow-all.
3. Webhook auth in allowlist mode depended on that helper.
Result: allowlist with empty list behaved like open access for inbound Synology senders.
0ee30361b8f6ef3f110f3a7b001da6dd3df96bb57655c0cb3a47d0647cbbf5284e177f90b4b82ddbpatched_versions is pre-set to the planned next release (>= 2026.2.24). Once npm release 2026.2.24 is published, the advisory can be published directly.
OpenClaw thanks @tdjackey for reporting.
[email protected] is published on npm and contains the fix commit(s) listed above. This advisory now marks >= 2026.2.24 as patched.
| Score | Percentile |
|---|---|
| 0.06% | 19.31% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 5.3 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-gw85-xp4q-5gp9 ↗ |
| CVE | CVE-2026-31998 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | >= 2026.2.22, <= 2026.2.23 | 2026.2.24 | — |