{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/@openclaw/feishu--2026.6.6/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-62187"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["@openclaw/feishu \u003c= 2026.6.6"],"_cs_severities":["high"],"_cs_tags":["authorization-bypass","npm-package","software-supply-chain","vulnerability","cve"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA critical authorization bypass vulnerability, identified as CVE-2026-62187, affects OpenClaw Feishu tools (npm package \u003ccode\u003e@openclaw/feishu\u003c/code\u003e) in all versions up to and including 2026.6.6. This flaw allows a lower-trust caller or input path to circumvent per-account disablement and other authorization checks, enabling them to perform operations that should require stronger authentication or policy enforcement. The vulnerability, first published on July 13, 2026, by VulnCheck and tracked by NVD, poses a significant risk to applications integrating this npm package, potentially leading to unauthorized data modification, access to sensitive information, or execution of restricted functions. The actual impact depends on the specific configuration of the operator and the accessibility of the affected feature to lower-trust input.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker conducts reconnaissance to identify applications or services that incorporate the vulnerable \u003ccode\u003e@openclaw/feishu\u003c/code\u003e npm package, specifically targeting versions \u003ccode\u003e\u0026lt;= 2026.6.6\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the application's configuration and the library's exposed functionalities to pinpoint \u0026quot;lower-trust caller\u0026quot; interaction points or \u0026quot;configured input paths\u0026quot; that utilize the vulnerable component.\u003c/li\u003e\n\u003cli\u003eA malicious input or API request is crafted, designed to interact with the \u003ccode\u003e@openclaw/feishu\u003c/code\u003e library's functions responsible for authorization, particularly those related to account disablement.\u003c/li\u003e\n\u003cli\u003eThe crafted input is submitted to the vulnerable application, which then passes it to the \u003ccode\u003e@openclaw/feishu\u003c/code\u003e library.\u003c/li\u003e\n\u003cli\u003eDue to CVE-2026-62187, the library improperly processes the input, ignoring per-account disablement settings or failing to enforce stronger authorization/policy checks.\u003c/li\u003e\n\u003cli\u003eThe application, under the influence of the bypassed authorization, executes unauthorized operations such as modifying data, accessing restricted resources, or triggering privileged functions.\u003c/li\u003e\n\u003cli\u003eThe successful exploitation results in the attacker achieving their objective, which could include data manipulation, information disclosure, or service disruption within the compromised application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-62187 can lead to significant unauthorized operations within applications utilizing the \u003ccode\u003e@openclaw/feishu\u003c/code\u003e package. Depending on the application's functionality and the privileges granted to the vulnerable component, attackers could modify critical data, access sensitive user or system information, or perform actions typically reserved for administrators. The NVD assigns a CVSS v3.1 base score of 8.1 (High), indicating a severe risk. While no specific victim count or targeted sectors are available, any organization deploying applications with the vulnerable package is at risk of data integrity loss, confidentiality breaches, or disruption of services due to unauthorized activity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-62187 by upgrading the \u003ccode\u003e@openclaw/feishu\u003c/code\u003e npm package to version \u003ccode\u003e2026.6.9\u003c/code\u003e or later immediately.\u003c/li\u003e\n\u003cli\u003eReview applications utilizing \u003ccode\u003e@openclaw/feishu\u003c/code\u003e for configurations that allow \u0026quot;lower-trust callers\u0026quot; or \u0026quot;configured input paths\u0026quot; to interact with sensitive functions, and implement additional layers of authorization.\u003c/li\u003e\n\u003cli\u003eMonitor application logs for unusual activity originating from accounts that should be disabled or from callers with limited privileges, which could indicate exploitation of the authorization bypass vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-13T22:24:38Z","date_published":"2026-07-13T22:23:52Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-feishu-auth-bypass/","summary":"OpenClaw Feishu tools (npm package @openclaw/feishu) versions up to and including 2026.6.6 contain CVE-2026-62187, an authorization bypass vulnerability that allows lower-trust callers to perform unauthorized operations by ignoring per-account disablement or policy checks, leading to potential data manipulation or information disclosure.","title":"OpenClaw Feishu Tools Authorization Bypass Vulnerability (CVE-2026-62187)","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-feishu-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - @Openclaw/Feishu \u003c= 2026.6.6","version":"https://jsonfeed.org/version/1.1"}