Skip to main content

OpenClaw MS Teams CVE-2026-62224

| EUVDEUVD-2026-45112 LOW
Authentication Bypass by Spoofing (CWE-290)
2026-07-17 VulnCheck GHSA-fjfc-7x5g-g52w
2.3
CVSS 4.0 · Vendor: VulnCheck

Severity by source

Vendor (VulnCheck) PRIMARY
2.3 LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.2 MEDIUM

AC:H reflects the AT:P attack requirement (allowFrom must be configured); PR:L for required authenticated lower-trust session; no availability or scope impact.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 17, 2026 - 02:32 EUVD
Analysis Generated
Jul 17, 2026 - 01:03 vuln.today

DescriptionCVE.org

OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mutable display names. Attackers with lower-trust access can perform actions requiring stronger authorization by exploiting the mutable display name binding in the affected feature.

AnalysisAI

Authorization bypass in OpenClaw MS Teams before 2026.5.12 allows authenticated lower-privileged users to escalate their effective permissions by spoofing display names that the allowFrom access-control feature trusts as immutable identifiers. The root flaw (CWE-290) is that the authorization decision is anchored to a mutable attribute - the display name - rather than a stable, non-spoofable identity token. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with lower-trust credentials
Delivery
Identify allowFrom allow-list entry
Exploit
Change display name to match trusted entry
Execution
Send request to OpenClaw integration
Persist
Authorization check matches spoofed name
Impact
Perform unauthorized higher-privilege action

Vulnerability AssessmentAI

Exploitation Exploitation requires three concurrent conditions: (1) the `allowFrom` feature must be actively configured with at least one display-name-based rule; (2) the attacker must already hold an authenticated lower-trust session within the Teams environment (PR:L - unauthenticated attackers cannot exploit this); (3) the attacker must be able to modify their own display name to match a trusted entry, which is standard in default Teams tenant configurations but can be restricted via Azure AD tenant policy. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 2.3 (AV:N/AC:L/AT:P/PR:L/UI:N) appropriately reflects the constrained real-world impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user with a lower-trust role within an organization's OpenClaw MS Teams deployment renames their Teams display name to match the display name of a higher-privileged account or team that appears on an `allowFrom` allow-list. When the OpenClaw integration checks authorization, it matches on the spoofed display name and grants the attacker the elevated permissions associated with that entry, allowing them to invoke actions they would otherwise be denied. …
Remediation Upgrade OpenClaw MS Teams to version 2026.5.12 or later, which is the vendor-released patch per the GitHub Security Advisory GHSA-7w4v-g4m6-j88v. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-62224 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy