CVE-2026-32924 in OpenClawinfo

Summary

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group chat reaction-derived events.

Responsible

VulnCheck

Reservation

03/16/2026

Disclosure

03/29/2026

Entries

Published	Base	Temp	Vulnerability	CWE	Prod	Exp	Cou	EPSS	CTI	CVE
03/29/2026	8.5	8.4	OpenClaw authorization	863	Artificial Intelligence Software	Not defined	Official fix	0.00000	3.11	CVE-2026-32924

Show more

Description
Changes
Cyber Threat Intelligence
API/JSON

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!