@openclaw/mattermost 2026.2.21 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the @openclaw/mattermost package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Incorrect Authorization @openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the `auth` process. An attacker can gain unauthorized access by sending requests with add-on principals that are not bound to the intended deployment. How to fix Incorrect Authorization? A fix was pushed into the `master` branch but not yet published.	>=0.0.0
M Incorrect Authorization @openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the room authorization process. An attacker can gain unauthorized access to rooms with similar names by exploiting the matching logic that relies on collidable room names instead of stable room tokens. How to fix Incorrect Authorization? A fix was pushed into the `master` branch but not yet published.	>=0.0.0
L Incorrect Authorization @openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveraging approval from a different account in multi-account deployments. How to fix Incorrect Authorization? A fix was pushed into the `master` branch but not yet published.	*

Vulnerability

Vulnerable Version

Incorrect Authorization

@openclaw/mattermost is an OpenClaw Mattermost channel plugin

Affected versions of this package are vulnerable to Incorrect Authorization in the auth process. An attacker can gain unauthorized access by sending requests with add-on principals that are not bound to the intended deployment.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

>=0.0.0

Incorrect Authorization

@openclaw/mattermost is an OpenClaw Mattermost channel plugin

Affected versions of this package are vulnerable to Incorrect Authorization in the room authorization process. An attacker can gain unauthorized access to rooms with similar names by exploiting the matching logic that relies on collidable room names instead of stable room tokens.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

>=0.0.0

Incorrect Authorization

@openclaw/mattermost is an OpenClaw Mattermost channel plugin

Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveraging approval from a different account in multi-account deployments.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

@openclaw/mattermost@2026.2.21 vulnerabilities

OpenClaw Mattermost channel plugin

latest version

first published

latest version published

Direct Vulnerabilities

Fix vulnerabilities automatically