Cyber Resilience

CVE-2026-28392

HighPublic PoC

Published: 05 March 2026

Published
05 March 2026
Modified
10 March 2026
KEV Added
Patch
CVSS Score v4 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0035 26.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-28392 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 26.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability (CVE-2026-28392, CWE-863: Incorrect Authorization) in the Slack slash-command handler. The flaw arises when the dmPolicy is configured to open, causing the handler to incorrectly authorize any sender of a direct message. This affects OpenClaw deployments integrated with Slack, with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating high integrity impact from network-accessible exploitation without user interaction.

Unauthenticated attackers (PR:N) can exploit this by sending a direct message containing a privileged slash command to a targeted OpenClaw instance with dmPolicy set to open. Successful exploitation bypasses allowlist and access-group restrictions, allowing execution of privileged commands that would otherwise be restricted, resulting in unauthorized privilege escalation within the Slack integration.

Mitigation requires upgrading to OpenClaw version 2026.2.14 or later, as detailed in the GitHub security advisory (GHSA-v773-r54f-q32w) and the referenced commit (f19eabee54c49e9a2e264b4965edf28a2f92e657) that addresses the authorization logic. Additional guidance appears in the Vulncheck advisory, emphasizing configuration review of dmPolicy to avoid the open setting where possible.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open (must be configured). Attackers can execute privileged slash commands via direct message…

more

to bypass allowlist and access-group restrictions.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes unauthenticated remote exploitation of an internet-facing Slack integration (dmPolicy=open) via slash commands, directly enabling T1190 (Exploit Public-Facing Application) for initial unauthorized access and T1068 (Exploitation for Privilege Escalation) to bypass authorization and execute restricted privileged commands.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32914Same product: Openclaw Openclaw
CVE-2026-44110Same product: Openclaw Openclaw
CVE-2026-42426Same product: Openclaw Openclaw
CVE-2026-32005Same product: Openclaw Openclaw
CVE-2026-28473Same product: Openclaw Openclaw
CVE-2026-32924Same product: Openclaw Openclaw
CVE-2026-42429Same product: Openclaw Openclaw
CVE-2026-33579Same product: Openclaw Openclaw
CVE-2026-32915Same product: Openclaw Openclaw
CVE-2026-33577Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.2.14

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for privileged slash commands, directly preventing incorrect authorization of direct message senders in the Slack handler.

prevent

Requires timely identification and remediation of the authorization flaw via upgrade to OpenClaw 2026.2.14 or later.

prevent

Mandates secure configuration settings like restricting dmPolicy from 'open' to avoid triggering the vulnerability.

References