CVE-2026-32924 in OpenClawinformação

Sumário (Inglês)

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group chat reaction-derived events.

Responsável

VulnCheck

Reservar

16/03/2026

Divulgação

29/03/2026

Inscrições

Publicado emBaseTempVulnerabilidadeCWEProdExpConEPSSCTICVE
29/03/20268.58.4OpenClaw Elevação de Privilégios863Artificial Intelligence SoftwareNão definidoCorreção oficial0.000003.13CVE-2026-32924

Mostrar mais

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!