GHSA-25pw-4h6w-qwvm

### Summary In `openclaw@2026.2.25`, BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities when `dmPolicy=pairing` and `groupPolicy=allowlist`.

A sender that was only DM-paired (not explicitly present in `groupAllowFrom`) could pass group sender checks for message and reaction ingress.

Per OpenClaw's `SECURITY.md` trust model, this is a constrained authorization-consistency issue, not a multi-tenant boundary bypass or host-privilege escalation.

### Affected Packages / Versions - Package: `openclaw` (npm) - Latest published npm version at triage time: `2026.2.25` - Affected versions: `<= 2026.2.25` - Patched versions: `>= 2026.2.26` (planned next release)

### Technical Details Root cause was DM/group allowlist composition where DM pairing-store identities could flow into group authorization decisions.

Fix approach: - centralize DM/group authorization composition via shared resolvers - remove local DM/group list recomposition at channel callsites - add cross-channel regression coverage for message + reaction ingress - add CI guard to block future pairing-store leakage into group auth composition

### Impact - Affects deployments using BlueBubbles with `groupPolicy=allowlist` and `dmPolicy=pairing` when pairing-store entries are present. - Could allow DM-authorized identities to be treated as group-authorized without explicit `groupAllowFrom` membership. - Does **not** bypass gateway auth, sandbox boundaries, or create new host-level privilege beyond existing DM authorization.

### Fix Commit(s) - `051fdcc428129446e7c084260f837b7284279ce9`

### Release Process Note `patched_versions` is pre-set to the planned next release (`2026.2.26`) so once npm `2026.2.26` is published, this advisory can be published without further content edits.

OpenClaw thanks @tdjackey for reporting.