What is GHSA-c8w7-9w9h-x69q?

GHSA-c8w7-9w9h-x69q is a security advisory published by GitHub Security Advisories with Medium severity. OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction...

Which CVE IDs does GHSA-c8w7-9w9h-x69q cover?

GHSA-c8w7-9w9h-x69q covers the following CVE IDs: CVE-2026-53851. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-c8w7-9w9h-x69q?

GHSA-c8w7-9w9h-x69q has a CVSS v3 base score of 5.3, published by GitHub Security Advisories.

GHSA-c8w7-9w9h-x69qMediumCVSS 5.3

OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction...

Vendor

GitHub Security Advisories

Published

June 16, 2026

Last Modified

June 16, 2026

🔗 CVE IDs covered (1)

CVE-2026-53851 →

📋 Description

OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading to unauthorized processing of lower-trust input.

🔗 References (4)

https://github.com/openclaw/openclaw/security/advisories/GHSA-fcvx-5cxc-v5p8
https://nvd.nist.gov/vuln/detail/CVE-2026-53851
https://www.vulncheck.com/advisories/openclaw-slack-reaction-event-notification-bypass
https://github.com/advisories/GHSA-c8w7-9w9h-x69q