CVE-2026-32974 in OpenClawinformation

Résumé (Anglaise)

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution by reaching the webhook endpoint.

Responsable

VulnCheck

Réserver

17/03/2026

Divulgation

29/03/2026

Entrées

Publié	Base	Temp	Vulnérabilité	CWE	Prod	Exp	Con	EPSS	CTI	CVE
29/03/2026	7.9	7.8	OpenClaw Webhook authentification faible	347	Artificial Intelligence Software	Non défini	Correctif officiel	0.00000	4.64+	CVE-2026-32974

Montrer plus

Description
Changements
Renseignements sur les menaces
API/JSON

◂ PrécédentAperçuSuivant ▸

Do you need the next level of professionalism?

Upgrade your account now!