OpenClaw Feishu Authorization Bypass via Display Name Collision
GHSA-j4xf-96qf-rx69
Summary
If you use OpenClaw with Feishu, an attacker could pass the `allowFrom` authorization check by setting their mutable display name to the same string as an allowlisted user's ID. This could let the attacker reach information or features they are not authorized for. The developers fixed this by making OpenClaw match only on exact sender IDs and ignore display names entirely.
What to do
- Update openclaw to version 2026.2.22.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.22 | 2026.2.22 |
Original title
OpenClaw has a Feishu allowFrom authorization bypass via display-name collision
Original description
### Summary
Feishu allowlist authorization could be bypassed by display-name collision.
### Details
`channels.feishu.allowFrom` is documented as an ID-based allowlist (open_id list), but Feishu policy matching accepted mutable sender display names in the same namespace. An attacker could set a display name equal to an allowlisted ID string and pass authorization checks.
The fix enforces ID-only matching for Feishu allowlist checks, normalizes Feishu ID prefixes during comparison, and ignores mutable display names for authorization.
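To make the bug and the fix concrete, here is an added example (not OpenClaw's own code) that models the two matching strategies side by side: a weak check that pools the sender's ID and display name into one candidate set, and a hardened check that consults only the immutable open_id. The `open_id:` prefix that `normalizeId` strips is an assumed convention for illustrating prefix normalization, not a documented OpenClaw or Feishu format; the allowlist and sender objects are constructed sample data.

```javascript
// Strip an assumed "open_id:" prefix and surrounding whitespace so that
// "open_id:ou_operator001" and "ou_operator001" compare equal. Case is
// preserved because open_id strings are opaque identifiers.
function normalizeId(id) {
  return String(id).trim().replace(/^open_id:/, "");
}

// Weak variant (CWE-639): display name and ID live in the same namespace,
// so a sender whose display name equals an allowlisted ID is accepted.
function isAllowedWeak(sender, allowFrom) {
  const candidates = [sender.openId, sender.displayName].filter(Boolean);
  return allowFrom.some((entry) => candidates.includes(entry));
}

// Hardened variant: only the sender's open_id is consulted, entries are
// normalized before comparison, and the display name is never trusted.
function isAllowedHardened(sender, allowFrom) {
  if (!sender.openId) return false;
  const senderId = normalizeId(sender.openId);
  return allowFrom.some((entry) => normalizeId(entry) === senderId);
}

// Constructed sample data: one allowlisted operator and an impostor whose
// display name has been set to the operator's open_id string.
const ALLOW_FROM = ["open_id:ou_operator001"];
const OPERATOR = { openId: "ou_operator001", displayName: "Ops Owner" };
const IMPOSTOR = { openId: "ou_attacker999", displayName: "ou_operator001" };

// Note the weak check also fails the real operator here because the
// allowlist entry carries a prefix it never normalizes away.
function compareChecks() {
  return {
    weakOperator: isAllowedWeak(OPERATOR, ALLOW_FROM.map(normalizeId)),
    weakImpostor: isAllowedWeak(IMPOSTOR, ALLOW_FROM.map(normalizeId)),
    hardenedOperator: isAllowedHardened(OPERATOR, ALLOW_FROM),
    hardenedImpostor: isAllowedHardened(IMPOSTOR, ALLOW_FROM),
  };
}
```

A regression test for a deployment should assert that the impostor case is rejected while the legitimate operator, with or without the prefix on the allowlist entry, is still accepted.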
### Impact
Deployments using Feishu allowlist-based authorization could incorrectly authorize non-allowlisted senders when a colliding display name was used.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published version at triage time: `2026.2.21-2`
- Affected range: `<= 2026.2.21-2`
- Planned patched version: `>= 2026.2.22`
### Fix Commit(s)
- `4ed87a667263ed2d422b9d5d5a5d326e099f92c7`
### Release Process Note
`patched_versions` is pre-set to the planned next release (`>= 2026.2.22`) so the advisory is ready to publish once that npm release is available.
OpenClaw thanks @jiseoung for reporting.
CVSS 4.0 (GHSA): 5.3
Vulnerability type
- CWE-639: Authorization Bypass Through User-Controlled Key
- CWE-863: Incorrect Authorization
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026