OpenClaw Feishu CVE-2026-62188
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable tool needing an existing low-trust authenticated caller (PR:L) and no interaction; broken authorization exposes and alters protected data (C:H/I:H) without availability impact.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could perform actions that should have required a stronger authorization or policy check. The issue is fixed in version 2026.6.9.
AnalysisAI
Privilege escalation via broken authorization in the OpenClaw @openclaw/feishu integration (versions 2026.6.6 and earlier) allows a lower-trust, already-authenticated caller to invoke Feishu permission tools that should have been blocked by per-account disablement settings. Because the enforcement gap lets a low-privilege actor perform actions requiring stronger authorization, the flaw carries high confidentiality and integrity impact (CVSS 4.0 base 8.6). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the Feishu permission tools feature to be enabled and network-reachable, and per the CVSS vector PR:L, the attacker must already hold low-level authenticated privileges - this is not anonymous access. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N) describes a network-reachable, low-complexity attack requiring only low existing privileges and no user interaction, yielding high confidentiality and integrity impact with no availability effect - a credible real priority for organizations running this integration. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A user or service holding only low-privilege credentials in an environment where the @openclaw/feishu permission tools are enabled and network-reachable sends a request that would normally be denied by the target account's disablement policy. Because the authorization decision is evaluated incorrectly, the action is permitted, letting the attacker read or modify data protected by a stronger authorization tier. … |
| Remediation | Vendor-released patch: upgrade @openclaw/feishu to 2026.6.9 or later, which corrects the per-account authorization enforcement; consult the GitHub advisory GHSA-w8wf-3qvj-6xqf (https://github.com/openclaw/openclaw/security/advisories/GHSA-w8wf-3qvj-6xqf) and the VulnCheck advisory (https://www.vulncheck.com/advisories/openclaw-feishu-authorization-bypass) for exact release notes. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all users with access to the OpenClaw Feishu integration, document their privilege levels, and audit access logs for the past 30 days. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability. Rate
Authorization bypass in the @openclaw/feishu npm package (versions <= 2026.6.6) allows a lower-trust caller - or attacke
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today