{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-32974/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["authentication-bypass","webhook","cve-2026-32974"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw before version 2026.3.12 is susceptible to an authentication bypass vulnerability (CVE-2026-32974) affecting Feishu webhook integrations. This vulnerability arises when the \u003ccode\u003everificationToken\u003c/code\u003e is configured without the \u003ccode\u003eencryptKey\u003c/code\u003e. This configuration flaw enables unauthenticated attackers to forge Feishu events and send them to the webhook endpoint. Successful exploitation allows attackers to trigger arbitrary downstream tool execution within the OpenClaw environment. This is a…\u003c/p\u003e\n","date_modified":"2026-03-29T13:17:01Z","date_published":"2026-03-29T13:17:01Z","id":"/briefs/2026-03-openclaw-auth-bypass/","summary":"OpenClaw before 2026.3.12 is vulnerable to an authentication bypass in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing unauthenticated network attackers to inject forged Feishu events and trigger downstream tool execution.","title":"OpenClaw Feishu Webhook Authentication Bypass (CVE-2026-32974)","url":"https://feed.craftedsignal.io/briefs/2026-03-openclaw-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-32974","version":"https://jsonfeed.org/version/1.1"}