OpenClaw Feishu Webhook Authentication Bypass (CVE-2026-32974)
OpenClaw before 2026.3.12 is vulnerable to an authentication bypass in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing unauthenticated network attackers to inject forged Feishu events and trigger downstream tool execution.
OpenClaw before version 2026.3.12 is susceptible to an authentication bypass vulnerability (CVE-2026-32974) affecting Feishu webhook integrations. This vulnerability arises when the verificationToken is configured without the encryptKey. This configuration flaw enables unauthenticated attackers to forge Feishu events and send them to the webhook endpoint. Successful exploitation allows attackers to trigger arbitrary downstream tool execution within the OpenClaw environment. This is a…
Detection coverage (2)
Detect Forged Feishu Webhook Events
high: Detects suspicious POST requests to the Feishu webhook endpoint indicative of CVE-2026-32974 exploitation.
Detect Suspicious Processes Spawned by OpenClaw
medium: Detects unusual child processes spawned by the OpenClaw process, potentially triggered by forged events.