OpenClaw, MS Teams Feedback Invocation Bypass, GitHub Advisory (Moderate)

Listen to this Post

The vulnerability resides in the Microsoft Teams integration of OpenClaw, specifically in the handling of feedback invocation messages. Prior to the fix, the feedback command did not enforce the same sender authorization checks that were applied to standard direct message (DM) and group channel interactions. An attacker with the ability to send messages to a Teams bot—even if they were not present in the bot’s allowlist—could invoke the feedback mechanism. The invocation would bypass the sender allowlist entirely, allowing the attacker to record unauthorized session feedback. In some configurations, the feedback could also be reflected back into the session, creating a vector for further manipulation. The root cause was a missing call to the existing DM/group authorization function inside the feedback‑invoke code path. The vulnerable code existed in versions up to and including v2026.3.24. The fix, implemented in commit c5415a474bb085404c20f8b312e436997977b1ea, adds the same authorization checks that are already used for other interactive commands. After the patch, any feedback invocation is first validated against the bot’s configured sender allowlists and group permissions, preventing unauthorized actors from triggering feedback recording. The advisory was published to the GitHub Advisory Database on March 29, 2026, with a moderate severity rating due to the potential for unauthorized data collection and session integrity compromise.

dailycve form:

Platform: OpenClaw MS Teams
Version: <= 2026.3.24
Vulnerability: Authorization Bypass
Severity: Moderate
date: March 26, 2026

Prediction: Patch: 2026.3.25

What Undercode Say:

Analytics

Check installed OpenClaw version
openclaw --version
Verify if the fix commit is present
git log --oneline | grep c5415a474bb085404c20f8b312e436997977b1ea
Simulate a feedback invoke before patch (requires network capture)
Example: POST /teams/feedback with unauthorized sender ID

how Exploit:

An attacker sends a specially crafted Microsoft Teams message to the bot using the feedback invocation syntax. If the bot is running a vulnerable version (≤2026.3.24), it processes the request without verifying the sender’s allowlist status, recording the feedback and potentially exposing internal session data.

Protection from this CVE

Update to OpenClaw `2026.3.25` or later, or apply the commit `c5415a474bb085404c20f8b312e436997977b1ea` manually. If immediate update is not possible, temporarily disable MS Teams feedback commands via configuration until the patch is deployed.

Impact:

Unauthorized actors can record session feedback, bypassing sender allowlists and group restrictions. This can lead to data leakage, unintended reflection of feedback, and undermines the security model of the Teams integration.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top