Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass sender authorization by sending SSO invoke requests that are processed without proper validation, allowing unauthorized access to Teams SSO signin functionality.
AnalysisAI
OpenClaw versions 2026.4.10 through 2026.4.13 fail to enforce sender allowlist checks in the Microsoft Teams SSO invoke handler, allowing attackers to bypass authorization controls and access Teams SSO sign-in functionality without proper validation. The vulnerability affects unauthenticated remote attackers and has been patched in version 2026.4.14, which routes SSO invoke handling through the standard sender authorization path used by normal message handling.
Technical ContextAI
OpenClaw is a Node.js/npm-based package that provides integration and automation handling for Microsoft Teams. The vulnerability exists in the Microsoft Teams extension's SSO (single sign-on) invoke handler, specifically in the monitor-handler.sso component. The SSO invoke handler processes signin/tokenExchange and signin/verifyState invoke requests from Teams but was missing critical sender allowlist validation logic. Teams administrators configure sender allowlists via policies (dmPolicy, groupPolicy) and specific allowlist entries (allowFrom, groupAllowFrom) to restrict who can invoke SSO operations. The CWE-862 (Missing Authorization) root cause reflects that the authorization checks present in normal Teams message handling were not replicated in the SSO code path, creating a logic gap where privileged operations could be initiated by unauthorized senders. The commit diff shows the fix adds comprehensive coverage for three denied sender scenarios: direct message senders outside the DM allowlist, group chat senders outside the group allowlist, and channel-based senders outside team/channel allowlists.
RemediationAI
Upgrade to OpenClaw version 2026.4.14 or later via npm (npm install openclaw@2026.4.14 or npm update openclaw). This is the primary remediation; no workarounds are available because the vulnerability is fundamental to the SSO handler logic. The patch (commit 80b1fa17bfc3f6a668492f0326ea52f48bb89776, PR #66033) integrates sender allowlist validation into the SSO invoke code path by routing SSO requests through the same authorization checks used for normal Teams message handling. Organizations unable to upgrade immediately should implement network-level restrictions on Teams SSO requests to OpenClaw, though this may break legitimate SSO functionality and is not recommended as a long-term mitigation. Review Teams sender allowlist configurations (dmPolicy, groupPolicy, allowFrom, groupAllowFrom) after patching to ensure they match organizational intent, as the fix enforces these policies correctly for the first time. Monitor OpenClaw logs for 'dropping signin invoke' messages post-patch to confirm SSO authorization is functioning.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27295