OpenClaw, Authorization Bypass, CVE-2026-??? (Moderate)

Listen to this Post

The vulnerability resides in how OpenClaw processes synthetic events originating from Feishu message reactions. When a user reacts to a message in a Feishu group chat, the platform sends a payload to the OpenClaw webhook. If this inbound reaction payload omits the `chat_type` field, the OpenClaw parser misclassifies the event’s origin. Instead of being processed as a group conversation, the event is incorrectly flagged as a peer-to-peer (p2p) direct message. The core authorization logic, which includes `groupAllowFrom` (user whitelists for groups) and `requireMention` (gating responses on @mentions), relies on this `chat_type` classification. Because the event is mistaken for a direct message, these group-specific protections are completely bypassed, allowing an unauthorized user in a group to trigger the AI agent without being whitelisted or mentioning the bot .

DailyCVE Form:

Platform: OpenClaw Feishu
Version: <= 2026.3.11
Vulnerability : Auth Bypass
Severity: Moderate
date: Mar 13, 2026

Prediction: Mar 14, 2026

What Undercode Say:

Analytics

The vulnerability is triggered by missing data (omitted chat_type) in a vendor webhook payload, leading to a logical fallback to an incorrect handler (p2p vs. group). It bypasses `groupAllowFrom` and `requireMention` configurations .

Exploit

No public PoC exists, but the attack vector is a forged/malformed Feishu reaction event.
Example of a vulnerable configuration check:
Check if your config relies on group protections without webhook secret verification.
grep -r "groupAllowFrom" config/channels.yml
grep -r "requireMention" config/channels.yml
The malicious payload would be a standard Feishu reaction webhook POST
that simply omits the "chat_type": "group" field.
Example cURL concept (not a working exploit without valid tokens/webhook URL):
curl -X POST https://your-openclaw-webhook.com/feishu \
-H "Content-Type: application/json" \
-d '{
"event": {
"type": "reaction_added_v1",
"message_id": "fake_msg_123",
"reaction_type": "emoji",
"user_id": "unauthorized_user_456",
"peer_id": "group_id_789"
"chat_type": "group" <-- MISSING FIELD
}
}'

Protection from this CVE

1. Upgrade OpenClaw to the patched version.
npm install [email protected]
or
yarn upgrade openclaw --latest
2. Verify the installation.
npm list openclaw
3. Restart the OpenClaw service.
systemctl restart openclaw or relevant process manager command
4. For defense-in-depth, ensure Feishu webhook mode is configured with encryptKey
to prevent forgery, as per GHSA-g353-mgv3-8pcj .
Check your config/feishu.yml for:
encryptKey: "your-32-byte-key"

Impact

Successful exploitation allows a user who is not on a group’s allowed list (groupAllowFrom) to interact with the OpenClaw AI agent. It also allows a user to trigger the agent without mentioning the bot (requireMention bypass), potentially flooding the channel with unwanted responses or allowing unauthorized access to the AI’s capabilities and connected tools .

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top