EUVD-2026-17013
GHSA-vjqw-w5jr-g9w5
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution by reaching the webhook endpoint.
Analysis
Authentication bypass in OpenClaw's Feishu webhook integration (pre-2026.3.12) allows unauthenticated remote attackers to inject forged events and trigger arbitrary downstream tool execution. The vulnerability occurs when administrators configure only verificationToken without encryptKey, enabling attackers to craft malicious webhook payloads that bypass validation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all OpenClaw instances and identify which deployments have webhook integrations enabled with verificationToken-only configuration (missing encryptKey). Within 7 days: For all affected instances, enable encryptKey alongside verificationToken in webhook settings and review webhook event logs for suspicious activity dated before remediation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today