Is AI / ML affected by CVE-2026-27484?

Organizations using OpenClaw should be aware of moderate risk from CVE-2026-27484, a missing authorization vulnerability rated CVSS 4.3. Attackers could gain access beyond their authorized level. A patch is available and should be applied during regular vulnerability management.

CVE-2026-27484

MEDIUM

2026-02-21 [email protected]

GHSA-wh94-p5m6-mr7j

4.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

Patch Released

Feb 23, 2026 - 20:44 nvd

Patch available

CVE Published

Feb 21, 2026 - 10:16 nvd

MEDIUM 4.3

Description

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin user can request moderation actions by spoofing sender identity fields. This issue has been fixed in version 2026.2.18.

Analysis

Unauthorized Discord moderation actions in OpenClaw versions 2026.2.17 and below allow non-admin users to execute timeouts, kicks, and bans by spoofing sender identity parameters in tool-driven requests. The vulnerability affects deployments where Discord moderation is enabled and the bot has necessary guild permissions, enabling privilege escalation through identity manipulation. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +22

POC: 0

CVE-2026-27484 vulnerability details – vuln.today

Back

CVE-2026-27484

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-27484

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code