Severity: 6.9 (CVSS 4.0, scored by GHSA)
OpenClaw's MS Teams Plugin Allows Unauthorized Senders
GHSA-g7cr-9h7q-4qxq
Summary
The OpenClaw plugin for Microsoft Teams has an authorization weakness that lets unauthorized senders bypass the configured sender allowlist. It occurs when a team/channel route allowlist is configured but the sender allowlist (`groupAllowFrom`) is left empty: the plugin then treats any sender in an allowlisted team/channel as authorized, even though `groupPolicy: "allowlist"` is meant to restrict who can trigger replies in group channels. To fix this issue, update the OpenClaw plugin to version 2026.3.8 or later.
What to do
- Update openclaw to version 2026.3.8 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.7 | 2026.3.8 |
Original title
OpenClaw's MS Teams sender allowlist bypass when route allowlist is configured and sender allowlist is empty
Original description
OpenClaw's Microsoft Teams plugin widened group sender authorization when a team/channel route allowlist was configured but `groupAllowFrom` was empty. Before the fix, a matching route allowlist entry could cause the message handler to synthesize wildcard sender authorization for that route, allowing any sender in the matched team/channel to bypass the intended `groupPolicy: "allowlist"` sender check.
This does not affect default unauthenticated access, but it does weaken a documented Teams group authorization boundary and can allow unauthorized group senders to trigger replies in allowlisted Teams routes.
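The following is an added illustration written for this page, not OpenClaw's own code, reconstructing the authorization logic the description above implies. Only `groupPolicy` and `groupAllowFrom` are names taken from the advisory; the shape of the route allowlist (`routes` with `teamId`/`channelId`) and the message fields are assumptions. It shows the pre-fix decision beside a hardened one, and a small configuration audit that flags the risky combination for deployments still on an affected version.

```javascript
// Added example (not OpenClaw's code): models the Teams group-sender
// authorization described in GHSA-g7cr-9h7q-4qxq. `groupPolicy` and
// `groupAllowFrom` come from the advisory; `routes`, `teamId`, `channelId`
// and `senderId` are assumed names for illustration only.

// Constructed sample configuration: a route allowlist is set, but the
// sender allowlist is empty. This is the state the advisory describes.
const sampleConfig = {
  groupPolicy: "allowlist",
  groupAllowFrom: [],                                   // empty sender allowlist
  routes: [{ teamId: "team-A", channelId: "chan-1" }],  // assumed shape
};

// Constructed incoming message from a sender who is not on any allowlist.
const sampleMessage = {
  teamId: "team-A",
  channelId: "chan-1",
  senderId: "user:unlisted",
};

function routeMatches(config, msg) {
  return (config.routes || []).some(
    (r) => r.teamId === msg.teamId && r.channelId === msg.channelId
  );
}

function requireAllowlistPolicy(config) {
  // The example models only `groupPolicy: "allowlist"`; other policies are
  // out of scope for this illustration.
  if (config.groupPolicy !== "allowlist") {
    throw new Error("example models only groupPolicy 'allowlist'");
  }
}

// Pre-fix behaviour, reconstructed from the advisory text: a matching route
// entry "synthesizes" wildcard sender authorization when groupAllowFrom is
// empty, so any sender in that team/channel is accepted.
function isGroupSenderAuthorizedVulnerable(config, msg) {
  requireAllowlistPolicy(config);
  let allowFrom = config.groupAllowFrom || [];
  if (allowFrom.length === 0 && routeMatches(config, msg)) {
    allowFrom = ["*"]; // the defect: a route match widens to "anyone"
  }
  return allowFrom.includes("*") || allowFrom.includes(msg.senderId);
}

// Hardened behaviour: the route allowlist only decides whether the route is
// served at all; the sender check is independent of it, and an empty sender
// allowlist denies everyone. A wildcard is honoured only if the operator
// wrote it into groupAllowFrom explicitly.
function isGroupSenderAuthorizedFixed(config, msg) {
  requireAllowlistPolicy(config);
  if (!routeMatches(config, msg)) return false;
  const allowFrom = config.groupAllowFrom || [];
  if (allowFrom.length === 0) return false;
  return allowFrom.includes("*") || allowFrom.includes(msg.senderId);
}

// Configuration audit for deployments that cannot upgrade immediately:
// returns a finding for exactly the combination the advisory describes.
function auditConfig(config) {
  const findings = [];
  const hasRoutes = (config.routes || []).length > 0;
  const emptySenders = (config.groupAllowFrom || []).length === 0;
  if (config.groupPolicy === "allowlist" && hasRoutes && emptySenders) {
    findings.push(
      "route allowlist configured with empty groupAllowFrom: on openclaw " +
        "<= 2026.3.7 any sender in an allowlisted team/channel can trigger " +
        "replies; upgrade to 2026.3.8 or populate groupAllowFrom"
    );
  }
  return findings;
}

// Stand-alone demonstration of the two decisions and the audit.
console.log("vulnerable:", isGroupSenderAuthorizedVulnerable(sampleConfig, sampleMessage));
console.log("fixed:     ", isGroupSenderAuthorizedFixed(sampleConfig, sampleMessage));
console.log("audit:     ", auditConfig(sampleConfig));
```

The two decision functions take the same configuration and message; only the handling of an empty `groupAllowFrom` differs. The audit is the check a defender would run over existing configurations while the upgrade is rolled out: a populated sender allowlist makes the finding disappear, because the pre-fix code only widened authorization when the list was empty.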
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published vulnerable version: `2026.3.7`
- Affected range: `<= 2026.3.7`
- Fixed in released version: `2026.3.8`
## Fix Commit(s)
- `88aee9161e0e6d32e810a25711e32a808a1777b2`
## Release Verification
- Verified fixed in GitHub release `v2026.3.8` published on March 9, 2026.
- Verified `npm view openclaw version` resolves to `2026.3.8`.
- Verified the release contains the regression test covering the Teams route-allowlist sender-bypass case and that the test passes against the `v2026.3.8` tree.
Thanks @zpbrent for reporting.
Vulnerability type: CWE-289 (Authentication Bypass by Alternate Name)
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026