
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-RF6H-5GPW-QRGQ: Authorization Bypass in OpenClaw Microsoft Teams Extension via Invoke Activities

Vulnerability ID: GHSA-RF6H-5GPW-QRGQ
CVSS Score: 5.3
Published: 2026-03-29

OpenClaw versions up to 2026.3.24 contain an authorization bypass vulnerability in the Microsoft Teams extension. The flaw allows unauthorized users to bypass sender allowlists by sending specially crafted invoke activities, leading to unauthorized session feedback recording and potential feedback reflection.

TL;DR

An authorization bypass in OpenClaw's MS Teams integration allows attackers outside the allowlist to submit session feedback via invoke activities, polluting session logs and triggering unauthorized AI actions.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-863 (Incorrect Authorization)
  • Attack Vector: Network (Crafted Microsoft Teams Activity)
  • Impact: Unauthorized Data Manipulation / Privilege Abuse
  • Exploit Status: Proof of Concept (Unit Test)
  • CVSS Score: 5.3 (Medium)
  • Affected Component: MSTeamsActivityHandler

Affected Systems

  • OpenClaw AI Framework
  • OpenClaw Microsoft Teams Extension (extensions/msteams)
  • openclaw: <= 2026.3.24 (Fixed in: > 2026.3.24)

Code Analysis

Commit: c5415a4

Implement shared MSTeams sender access resolution and enforce authorization on feedback invoke activities

Exploit Details

  • Fix Commit Test Code: The patch includes monitor-handler.feedback-authz.test.ts simulating an attacker-aad identity exploiting the bypass.

Mitigation Strategies

  • Implement centralized authorization functions for all API endpoints
  • Monitor Microsoft Teams integration logs for abnormal invoke activity patterns
  • Enforce strict dmPolicy and allowFrom configurations

Remediation Steps

  1. Upgrade the openclaw package to a version released post-March 26, 2026
  2. Verify that extensions/msteams configuration maintains a strict allowlist
  3. Audit existing .jsonl session files for injected feedback from unknown identifiers
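The pattern behind the fix commit (one shared sender-access decision applied to every activity type, not just messages) and remediation step 3 (scanning session records for feedback from unlisted senders), as an added TypeScript illustration that is not OpenClaw's own code. The dmPolicy and allowFrom settings and the attacker-aad identity come from the advisory; the activity shape, the session-record format and all function names are simplifying assumptions.

```typescript
// Added illustration, not OpenClaw's code. dmPolicy, allowFrom and the "attacker-aad"
// identity come from the advisory; the activity shape and session-log format are assumed.
type TeamsActivity = { type: "message" | "invoke"; from: { aadObjectId: string }; value?: unknown };
type MsTeamsConfig = { dmPolicy: "open" | "allowlist"; allowFrom: string[] };
type SessionRecord = { kind: "message" | "feedback"; sender: string; payload: unknown };

// One shared sender-access decision, applied to every inbound activity type.
function resolveSenderAccess(cfg: MsTeamsConfig, a: TeamsActivity): boolean {
  if (cfg.dmPolicy === "open") return true;
  return cfg.allowFrom.includes(a.from.aadObjectId);
}

function record(a: TeamsActivity, log: SessionRecord[]): void {
  log.push({ kind: a.type === "invoke" ? "feedback" : "message", sender: a.from.aadObjectId, payload: a.value });
}

// Vulnerable shape: the allowlist gates only message activities, so a feedback
// invoke from an unlisted sender is written into the session with no check.
function handleVulnerable(cfg: MsTeamsConfig, a: TeamsActivity, log: SessionRecord[]): boolean {
  if (a.type === "message" && !resolveSenderAccess(cfg, a)) return false;
  record(a, log);
  return true;
}

// Fixed shape: the same check runs before any side effect, whatever the activity type.
function handleFixed(cfg: MsTeamsConfig, a: TeamsActivity, log: SessionRecord[]): boolean {
  if (!resolveSenderAccess(cfg, a)) return false;
  record(a, log);
  return true;
}

// Remediation step 3: flag feedback records whose sender is outside the allowlist.
function findUnauthorizedFeedback(cfg: MsTeamsConfig, log: SessionRecord[]): SessionRecord[] {
  return log.filter((r) => r.kind === "feedback" && cfg.dmPolicy !== "open" && !cfg.allowFrom.includes(r.sender));
}

// Constructed sample: strict allowlist with one user, and an invoke from an unlisted identity.
const CONFIG: MsTeamsConfig = { dmPolicy: "allowlist", allowFrom: ["alice-aad"] };
const ATTACKER_INVOKE: TeamsActivity = { type: "invoke", from: { aadObjectId: "attacker-aad" }, value: { reaction: "like" } };

function demo() {
  const vulnLog: SessionRecord[] = [];
  const fixedLog: SessionRecord[] = [];
  return {
    vulnerableAccepted: handleVulnerable(CONFIG, ATTACKER_INVOKE, vulnLog), // true: bypass
    fixedAccepted: handleFixed(CONFIG, ATTACKER_INVOKE, fixedLog), // false: rejected
    flaggedInVulnLog: findUnauthorizedFeedback(CONFIG, vulnLog).length, // 1
  };
}
```

The audit helper applies the same allowlist the handler uses, so the two never drift apart when the configuration changes.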
