Skip to main content

OpenClaw CVE-2026-43572

| EUVDEUVD-2026-27295 MEDIUM
Missing Authorization (CWE-862)
2026-05-05 VulnCheck
6.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
May 05, 2026 - 12:37 NVD
5.3 (MEDIUM) 6.3 (MEDIUM)
Source Code Evidence Fetched
May 05, 2026 - 12:22 vuln.today
Analysis Generated
May 05, 2026 - 12:22 vuln.today

DescriptionCVE.org

OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass sender authorization by sending SSO invoke requests that are processed without proper validation, allowing unauthorized access to Teams SSO signin functionality.

AnalysisAI

OpenClaw versions 2026.4.10 through 2026.4.13 fail to enforce sender allowlist checks in the Microsoft Teams SSO invoke handler, allowing attackers to bypass authorization controls and access Teams SSO sign-in functionality without proper validation. The vulnerability affects unauthenticated remote attackers and has been patched in version 2026.4.14, which routes SSO invoke handling through the standard sender authorization path used by normal message handling.

Technical ContextAI

OpenClaw is a Node.js/npm-based package that provides integration and automation handling for Microsoft Teams. The vulnerability exists in the Microsoft Teams extension's SSO (single sign-on) invoke handler, specifically in the monitor-handler.sso component. The SSO invoke handler processes signin/tokenExchange and signin/verifyState invoke requests from Teams but was missing critical sender allowlist validation logic. Teams administrators configure sender allowlists via policies (dmPolicy, groupPolicy) and specific allowlist entries (allowFrom, groupAllowFrom) to restrict who can invoke SSO operations. The CWE-862 (Missing Authorization) root cause reflects that the authorization checks present in normal Teams message handling were not replicated in the SSO code path, creating a logic gap where privileged operations could be initiated by unauthorized senders. The commit diff shows the fix adds comprehensive coverage for three denied sender scenarios: direct message senders outside the DM allowlist, group chat senders outside the group allowlist, and channel-based senders outside team/channel allowlists.

RemediationAI

Upgrade to OpenClaw version 2026.4.14 or later via npm (npm install openclaw@2026.4.14 or npm update openclaw). This is the primary remediation; no workarounds are available because the vulnerability is fundamental to the SSO handler logic. The patch (commit 80b1fa17bfc3f6a668492f0326ea52f48bb89776, PR #66033) integrates sender allowlist validation into the SSO invoke code path by routing SSO requests through the same authorization checks used for normal Teams message handling. Organizations unable to upgrade immediately should implement network-level restrictions on Teams SSO requests to OpenClaw, though this may break legitimate SSO functionality and is not recommended as a long-term mitigation. Review Teams sender allowlist configurations (dmPolicy, groupPolicy, allowFrom, groupAllowFrom) after patching to ensure they match organizational intent, as the fix enforces these policies correctly for the first time. Monitor OpenClaw logs for 'dropping signin invoke' messages post-patch to confirm SSO authorization is functioning.

Share

CVE-2026-43572 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy