Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Blast Radius
ecosystem impact- 3 npm packages depend on openclaw (3 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.3.28.
DescriptionCVE.org
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback recording or reflection.
AnalysisAI
OpenClaw before version 2026.3.25 allows unauthenticated remote attackers to bypass sender allowlist checks in Microsoft Teams feedback invoke endpoints, enabling unauthorized recording of session feedback. The vulnerability exploits improper authorization logic in feedback processing, granting attackers the ability to trigger feedback recording or reflection operations that should be restricted to authorized senders. No public exploit code has been identified at the time of analysis.
Technical ContextAI
The vulnerability exists in OpenClaw's Microsoft Teams integration, specifically in the feedback invoke endpoint handlers that process feedback-related operations. The root cause is classified as CWE-288 (Authentication Using a Broken or Risky Cryptographic Algorithm), indicating that the allowlist mechanism protecting sender authorization fails to properly validate request origins or credentials. The feedback invoke endpoints are network-accessible components within the OpenClaw application that interact with Microsoft Teams, and attackers can craft requests that circumvent the intended sender validation logic, allowing arbitrary parties to trigger sensitive feedback operations that should only be available to whitelisted participants. The vulnerability affects the OpenClaw application across versions prior to 2026.3.25, as indicated by the CPE string cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*.
RemediationAI
Vendors should upgrade OpenClaw to version 2026.3.25 or later, which includes fixes to the feedback invoke endpoint authorization logic. The upstream fix is documented in commit c5415a474bb085404c20f8b312e436997977b1ea on the OpenClaw GitHub repository. Organizations should apply this patch immediately to prevent unauthorized feedback recording in their Teams integrations. For detailed guidance, refer to the official GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-rf6h-5gpw-qrgq and the vendor's advisory at https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-microsoft-teams-feedback-invoke. If immediate patching is not possible, review feedback invoke endpoint access logs for suspicious patterns and consider temporarily disabling Teams feedback functionality until the patch is deployed.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21454