Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.9
MS Teams Attachment Download in OpenClaw Leaks Sensitive Tokens
CVE-2026-28481
GHSA-7vwx-582j-j332
Summary
OpenClaw's MS Teams integration may leak sensitive tokens to unauthorized domains when downloading attachments. If you use MS Teams, update to OpenClaw 2026.2.1 or disable the Teams extension to prevent this. If you can't update, ensure your auth host allowlist is strict and only includes trusted Microsoft-owned endpoints.
What to do
- Update steipete openclaw to version 2026.2.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.1 | 2026.2.1 |
Original title
OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains
Original description
## Summary
NOTE: This only affects deployments that enable the optional MS Teams extension (Teams channel). If you do not use MS Teams, you are not impacted.
When OpenClaw downloads inbound MS Teams attachments / inline images, it may retry a URL with an `Authorization: Bearer <token>` header after receiving `401` or `403`.
Because the default download allowlist uses suffix matching (and includes some multi-tenant suffix domains), a message that references an untrusted but allowlisted host could cause that bearer token to be sent to the wrong place.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Vulnerable: `<= 2026.1.30`
- Patched: `>= 2026.2.1`
## Fix
- Fix commit: `41cc5bcd4f1d434ad1bbdfa55b56f25025ecbf6b`
- Upgrade to `openclaw >= 2026.2.1`
## Workarounds
- If you do not need MS Teams, disable the MS Teams extension.
- If you must stay on an older version, ensure the auth host allowlist is strict (only Microsoft-owned endpoints that require auth) and avoid wildcard or broad suffix entries.
## Credits
Thanks @yueyueL for reporting.
NOTE: This only affects deployments that enable the optional MS Teams extension (Teams channel). If you do not use MS Teams, you are not impacted.
When OpenClaw downloads inbound MS Teams attachments / inline images, it may retry a URL with an `Authorization: Bearer <token>` header after receiving `401` or `403`.
Because the default download allowlist uses suffix matching (and includes some multi-tenant suffix domains), a message that references an untrusted but allowlisted host could cause that bearer token to be sent to the wrong place.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Vulnerable: `<= 2026.1.30`
- Patched: `>= 2026.2.1`
## Fix
- Fix commit: `41cc5bcd4f1d434ad1bbdfa55b56f25025ecbf6b`
- Upgrade to `openclaw >= 2026.2.1`
## Workarounds
- If you do not need MS Teams, disable the MS Teams extension.
- If you must stay on an older version, ensure the auth host allowlist is strict (only Microsoft-owned endpoints that require auth) and avoid wildcard or broad suffix entries.
## Credits
Thanks @yueyueL for reporting.
nvd CVSS3.1
6.5
nvd CVSS4.0
5.9
Vulnerability type
CWE-201
- https://github.com/openclaw/openclaw/commit/41cc5bcd4f1d434ad1bbdfa55b56f25025ec...
- https://github.com/openclaw/openclaw/security/advisories/GHSA-7vwx-582j-j332
- https://www.vulncheck.com/advisories/openclaw-bearer-token-leakage-via-ms-teams-...
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.1
- https://nvd.nist.gov/vuln/detail/CVE-2026-28481
- https://github.com/advisories/GHSA-7vwx-582j-j332
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026