CVE-2026-32974
Published: 29 March 2026
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2026-32974 is an authentication bypass vulnerability (CWE-347) in OpenClaw versions prior to 2026.3.12. The flaw exists in Feishu webhook mode when only a verificationToken is configured without an encryptKey, allowing the software to accept forged events sent to the webhook endpoint. Published on 2026-03-29, it carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L).
Unauthenticated network-adjacent attackers can exploit this vulnerability by directly reaching the webhook endpoint with crafted Feishu events, bypassing verification and injecting malicious payloads. Successful exploitation enables attackers to trigger arbitrary downstream tool execution, potentially leading to high integrity impacts such as unauthorized actions, alongside low confidentiality and availability effects.
Mitigation details are available in the official GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-g353-mgv3-8pcj and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-forged-event-injection-via-feishu-webhook-verification-token. Upgrading to OpenClaw 2026.3.12 or later addresses the issue.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an authentication bypass in a network-accessible webhook endpoint, allowing unauthenticated attackers to inject crafted events and trigger arbitrary execution, directly enabling exploitation of a public-facing application (T1190).