Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Blast Radius
ecosystem impact- 6 npm packages depend on openclaw (6 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.4.15.
DescriptionCVE.org
OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling attackers to bypass signature verification and replay protection to execute arbitrary commands.
AnalysisAI
OpenClaw's Feishu webhook integration fails open when encryptKey is missing or callback tokens are blank, allowing remote unauthenticated attackers to bypass signature verification and replay protection mechanisms. Attackers can submit crafted webhook requests or malformed card-action callbacks directly to command dispatch without authentication, enabling arbitrary command execution. Vendor-confirmed authentication bypass; patch released in version 2026.4.15. No public exploit code or CISA KEV listing identified at time of analysis, but the fail-open behavior and network attack vector (CVSS AV:N/AC:L/PR:N) make this highly exploitable against misconfigured deployments.
Technical ContextAI
OpenClaw integrates with Feishu (Lark/飞书) messaging platform via webhook transport and interactive card actions. The vulnerability affects two authentication mechanisms: (1) webhook signature verification using HMAC with an encryptKey, and (2) card-action callback token validation for replay protection. The root cause is CWE-1188 (Initialization of a Resource with an Insecure Default Value) - the codebase treated missing encryptKey as valid and blank callback tokens as usable, causing authentication checks to return true instead of false when security-critical configuration was absent. The fail-open logic in monitor.transport.ts allowed unsigned webhook requests to proceed when encryptKey was not configured, and card-action.ts dispatched commands even when callback tokens were empty strings. This violated secure-by-default principles and created an unauthenticated network path into OpenClaw's command execution layer, bypassing the intended Feishu identity verification.
RemediationAI
Upgrade to OpenClaw 2026.4.15 or later immediately. The fix is delivered via commit c8003f1b33ed2924be5f62131bd28742c5a41aae (PR #66707), which hardens webhook transport and card-action validation to fail closed: webhook mode now refuses to start without an encryptKey, missing signing configuration returns invalid instead of valid, and blank card-action callback tokens are rejected before dispatch reaches command handlers. Install via npm: npm install openclaw@2026.4.15 or update package.json dependency. If immediate upgrade is not possible, implement these compensating controls with noted trade-offs: (1) Disable Feishu webhook mode entirely until patched - breaks Feishu integration but eliminates attack surface; (2) Verify encryptKey is configured and non-empty in Feishu account configuration before starting webhook transport - requires code audit and restart, may reveal misconfigurations; (3) Implement reverse proxy layer (nginx/Envoy) that validates Feishu webhook signatures before forwarding to OpenClaw - adds operational complexity and latency, requires duplicate signature logic. Note that the vendor describes this as 'defense-in-depth over the already-closed monitor-account layer,' suggesting upstream authentication may provide partial mitigation, but do not rely on undocumented protections. Vendor advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc. Fix commit: https://github.com/openclaw/openclaw/commit/c8003f1b33ed2924be5f62131bd28742c5a41aae.
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28184
GHSA-xh72-v6v9-mwhc