Listen to this Post
The vulnerability resides in how OpenClaw processes synthetic events originating from Feishu message reactions. When a user reacts to a message in a Feishu group chat, the platform sends a payload to the OpenClaw webhook. If this inbound reaction payload omits the `chat_type` field, the OpenClaw parser misclassifies the event’s origin. Instead of being processed as a group conversation, the event is incorrectly flagged as a peer-to-peer (p2p) direct message. The core authorization logic, which includes `groupAllowFrom` (user whitelists for groups) and `requireMention` (gating responses on @mentions), relies on this `chat_type` classification. Because the event is mistaken for a direct message, these group-specific protections are completely bypassed, allowing an unauthorized user in a group to trigger the AI agent without being whitelisted or mentioning the bot .
DailyCVE Form:
Platform: OpenClaw Feishu
Version: <= 2026.3.11
Vulnerability : Auth Bypass
Severity: Moderate
date: Mar 13, 2026
Prediction: Mar 14, 2026
What Undercode Say:
Analytics
The vulnerability is triggered by missing data (omitted chat_type) in a vendor webhook payload, leading to a logical fallback to an incorrect handler (p2p vs. group). It bypasses `groupAllowFrom` and `requireMention` configurations .
Exploit
No public PoC exists, but the attack vector is a forged/malformed Feishu reaction event.
Example of a vulnerable configuration check:
Check if your config relies on group protections without webhook secret verification.
grep -r "groupAllowFrom" config/channels.yml
grep -r "requireMention" config/channels.yml
The malicious payload would be a standard Feishu reaction webhook POST
that simply omits the "chat_type": "group" field.
Example cURL concept (not a working exploit without valid tokens/webhook URL):
curl -X POST https://your-openclaw-webhook.com/feishu \
-H "Content-Type: application/json" \
-d '{
"event": {
"type": "reaction_added_v1",
"message_id": "fake_msg_123",
"reaction_type": "emoji",
"user_id": "unauthorized_user_456",
"peer_id": "group_id_789"
"chat_type": "group" <-- MISSING FIELD
}
}'
Protection from this CVE
1. Upgrade OpenClaw to the patched version. npm install [email protected] or yarn upgrade openclaw --latest 2. Verify the installation. npm list openclaw 3. Restart the OpenClaw service. systemctl restart openclaw or relevant process manager command 4. For defense-in-depth, ensure Feishu webhook mode is configured with encryptKey to prevent forgery, as per GHSA-g353-mgv3-8pcj . Check your config/feishu.yml for: encryptKey: "your-32-byte-key"
Impact
Successful exploitation allows a user who is not on a group’s allowed list (groupAllowFrom) to interact with the OpenClaw AI agent. It also allows a user to trigger the agent without mentioning the bot (requireMention bypass), potentially flooding the channel with unwanted responses or allowing unauthorized access to the AI’s capabilities and connected tools .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

