@openclaw/matrix@2026.2.14

OpenClaw Matrix channel plugin for rooms and direct messages.

  • latest version

    2026.6.8

  • latest non-vulnerable version

  • first published

    4 months ago

  • latest version published

    2 days ago

  • Direct Vulnerabilities

    Known vulnerabilities in the @openclaw/matrix package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Incorrect Authorization

    @openclaw/matrix is an OpenClaw Matrix channel plugin

    Affected versions of this package are vulnerable to Incorrect Authorization via the DM pairing-store process. An attacker can gain unauthorized access to privileged room control commands by leveraging DM-paired sender IDs to bypass configured allowlists when posting in bot rooms.

    How to fix Incorrect Authorization?

    Upgrade @openclaw/matrix to version 2026.5.9-beta.1 or higher.

    <2026.5.9-beta.1
    • H
    Incorrect Authorization

    Affected versions of this package are vulnerable to Incorrect Authorization via the operator.write message-tool. An attacker can modify persistent Matrix profile configuration without proper authorization by sending crafted requests through message-tool paths that bypass intended admin-level restrictions.

    How to fix Incorrect Authorization?

    Upgrade @openclaw/matrix to version 2026.5.9-beta.1 or higher.

    <2026.5.9-beta.1
    • L
    Incorrect Authorization

    Affected versions of this package are vulnerable to Incorrect Authorization in the process that fetches thread root and reply context, which bypasses the sender allowlist. An attacker can gain unauthorized access to message threads by exploiting this bypass.

    How to fix Incorrect Authorization?

    Upgrade @openclaw/matrix to version 2026.5.9-beta.1 or higher.

    <2026.5.9-beta.1
    • M
    Incorrect Authorization

    Affected versions of this package are vulnerable to Incorrect Authorization via the DM access check process. An attacker can interact with unpaired or unauthorized DM peers by sending verification notices that bypass intended access restrictions.

    How to fix Incorrect Authorization?

    Upgrade @openclaw/matrix to version 2026.3.7 or higher.

    <2026.3.7
    • L
    Incorrect Authorization

    Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveraging approval from a different account in multi-account deployments.

    How to fix Incorrect Authorization?

    Upgrade @openclaw/matrix to version 2026.3.1 or higher.

    <2026.3.1