CVE-2026-32974— OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-32974
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool execution by reaching the webhook endpoint.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
密码学签名的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.12之前版本存在数据伪造问题漏洞,该漏洞源于Feishu webhook模式存在身份验证绕过问题,当仅配置verificationToken而未配置encryptKey时,可能导致未经身份验证的网络攻击者注入伪造的Feishu事件并触发下游工具执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-32974
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-32974
请登录查看更多情报信息。
Same Patch Batch · OpenClaw · 2026-03-29 · 19 CVEs total
| CVE-2026-32922 | 9.9 CRITICAL | OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate |
| CVE-2026-32987 | 9.8 CRITICAL | OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing |
| CVE-2026-32924 | 9.8 CRITICAL | OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu |
| CVE-2026-32973 | 9.8 CRITICAL | OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization |
| CVE-2026-32975 | 9.8 CRITICAL | OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist |
| CVE-2026-32914 | 8.8 HIGH | OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints |
| CVE-2026-32915 | 8.8 HIGH | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface |
| CVE-2026-33573 | 8.8 HIGH | OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters |
| CVE-2026-33572 | 8.4 HIGH | OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files |
| CVE-2026-32918 | 8.4 HIGH | OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool |
| CVE-2026-32978 | 8.0 HIGH | OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners |
| CVE-2026-32980 | 7.5 HIGH | OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request |
| CVE-2026-33575 | 7.5 HIGH | OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes |
| CVE-2026-32979 | 7.3 HIGH | OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approv |
| CVE-2026-32972 | 7.1 HIGH | OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.requ |
| CVE-2026-33574 | 6.2 MEDIUM | OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download |
| CVE-2026-32919 | 6.1 MEDIUM | OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands |
| CVE-2026-32923 | 5.4 MEDIUM | OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcemen |
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same vendor: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same weakness: CWE-347
- CVE-2026-42193
Plunk: SNS webhook forgery - CVE-2026-44497
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type - CVE-2026-41669
Admidio: SAML Signature Validation Result Ignored — Forged A - CVE-2026-7689
Dolibarr ERP CRM Online Signature security.lib.php dol_verif - CVE-2026-33467
Improper Verification of Cryptographic Signature in Elastic
V. Comments for CVE-2026-32974
No comments yet