Openclaw, DM Pairing Bypass via Legacy Card Callbacks, No CVE (Medium)

Listen to this Post

The vulnerability resides in how the Feishu integration for Openclaw processes raw card send actions. In versions up to and including 2026.3.24, a raw card send could be crafted to mint a “legacy callback” payload that bypasses the usual DM (direct message) pairing validation. Normally, incoming callbacks are only accepted if the recipient is already paired with the bot through a valid DM session. However, the legacy payload path did not enforce this pairing check, allowing an unpaired recipient to trigger callback handling code that was intended exclusively for paired users. The bypass occurs because the raw card send surface generates a callback structure that the legacy handler interprets as coming from a paired context, even when no pairing exists. The fix, introduced in commit 81c45976db532324b5a0918a70decc19520dc354 (tag v2026.3.25), rejects these legacy raw-card command payloads entirely, forcing all callbacks through the normal paired validation path. Attackers could exploit this by sending a specially crafted Feishu raw card to a bot instance, causing it to execute callback logic (such as commands or actions) without ever establishing a legitimate DM pairing. The affected package is the npm module openclaw; verification shows the vulnerability is present in tag v2026.3.24 and is fixed in the main branch via the mentioned commit.
Platform: openclaw npm
Version: <= 2026.3.24
Vulnerability: DM pairing bypass
Severity: Medium
date: 2026-03-30

Prediction: 2026.03.25

What Undercode Say:

Check installed version
npm list openclaw
Verify vulnerable version
npm view openclaw versions --json | grep "2026.3.24"
Patch by upgrading
npm install [email protected]
Confirm fix commit is applied
git log --oneline | grep 81c45976

How Exploit:

  1. Identify an Openclaw instance using Feishu integration with version ≤2026.3.24.
  2. Craft a raw card send payload that includes a legacy callback structure (e.g., `type: “legacy_raw_card”` with malicious callback_data).
  3. Send the payload to the bot’s Feishu surface without prior DM pairing.
  4. The bot processes the legacy callback, executing unintended actions as if the sender were paired.

Protection from this CVE

  • Upgrade Openclaw to version 2026.3.25 or later.
  • If patching is not immediately possible, disable Feishu raw card sends or apply the fix commit 81c45976 manually.
  • Review callback handlers to enforce explicit DM pairing checks even on legacy paths.

Impact:

Unpaired remote users can trigger privileged callback handlers, leading to unauthorized command execution, data exposure, or abuse of bot functionality without establishing a valid DM relationship.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top