<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>@Openclaw/Feishu &lt;= 2026.6.6 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/@openclaw/feishu--2026.6.6/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 13 Jul 2026 22:23:52 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/@openclaw/feishu--2026.6.6/feed.xml" rel="self" type="application/rss+xml"/><item><title>OpenClaw Feishu Tools Authorization Bypass Vulnerability (CVE-2026-62187)</title><link>https://feed.craftedsignal.io/briefs/2026-07-openclaw-feishu-auth-bypass/</link><pubDate>Mon, 13 Jul 2026 22:23:52 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-openclaw-feishu-auth-bypass/</guid><description>OpenClaw Feishu tools (npm package @openclaw/feishu) versions up to and including 2026.6.6 contain CVE-2026-62187, an authorization bypass vulnerability that allows lower-trust callers to perform unauthorized operations by ignoring per-account disablement or policy checks, leading to potential data manipulation or information disclosure.</description><content:encoded><![CDATA[<p>A critical authorization bypass vulnerability, identified as CVE-2026-62187, affects OpenClaw Feishu tools (npm package <code>@openclaw/feishu</code>) in all versions up to and including 2026.6.6. This flaw allows a lower-trust caller or input path to circumvent per-account disablement and other authorization checks, enabling them to perform operations that should require stronger authentication or policy enforcement. The vulnerability, first published on July 13, 2026, by VulnCheck and tracked by NVD, poses a significant risk to applications integrating this npm package, potentially leading to unauthorized data modification, access to sensitive information, or execution of restricted functions. The actual impact depends on the specific configuration of the operator and the accessibility of the affected feature to lower-trust input.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker conducts reconnaissance to identify applications or services that incorporate the vulnerable <code>@openclaw/feishu</code> npm package, specifically targeting versions <code>&lt;= 2026.6.6</code>.</li>
<li>The attacker analyzes the application's configuration and the library's exposed functionalities to pinpoint &quot;lower-trust caller&quot; interaction points or &quot;configured input paths&quot; that utilize the vulnerable component.</li>
<li>A malicious input or API request is crafted, designed to interact with the <code>@openclaw/feishu</code> library's functions responsible for authorization, particularly those related to account disablement.</li>
<li>The crafted input is submitted to the vulnerable application, which then passes it to the <code>@openclaw/feishu</code> library.</li>
<li>Due to CVE-2026-62187, the library improperly processes the input, ignoring per-account disablement settings or failing to enforce stronger authorization/policy checks.</li>
<li>The application, under the influence of the bypassed authorization, executes unauthorized operations such as modifying data, accessing restricted resources, or triggering privileged functions.</li>
<li>The successful exploitation results in the attacker achieving their objective, which could include data manipulation, information disclosure, or service disruption within the compromised application.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2026-62187 can lead to significant unauthorized operations within applications utilizing the <code>@openclaw/feishu</code> package. Depending on the application's functionality and the privileges granted to the vulnerable component, attackers could modify critical data, access sensitive user or system information, or perform actions typically reserved for administrators. The NVD assigns a CVSS v3.1 base score of 8.1 (High), indicating a severe risk. While no specific victim count or targeted sectors are available, any organization deploying applications with the vulnerable package is at risk of data integrity loss, confidentiality breaches, or disruption of services due to unauthorized activity.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-62187 by upgrading the <code>@openclaw/feishu</code> npm package to version <code>2026.6.9</code> or later immediately.</li>
<li>Review applications utilizing <code>@openclaw/feishu</code> for configurations that allow &quot;lower-trust callers&quot; or &quot;configured input paths&quot; to interact with sensitive functions, and implement additional layers of authorization.</li>
<li>Monitor application logs for unusual activity originating from accounts that should be disabled or from callers with limited privileges, which could indicate exploitation of the authorization bypass vulnerability.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>authorization-bypass</category><category>npm-package</category><category>software-supply-chain</category><category>vulnerability</category><category>cve</category></item></channel></rss>