NextGuard
UNKNOWNCVE-2026-32974

OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token

Platform

other

Component

openclaw

Fixed in

2026.3.12

View on NVD

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution by reaching the webhook endpoint.

How to fix

Actualice OpenClaw a la versión 2026.3.12 o posterior. Asegúrese de configurar encryptKey junto con verificationToken para una verificación adecuada del webhook de Feishu.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free