https://feed.craftedsignal.io/tags/cve-2026-32974/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSun, 29 Mar 2026 13:17:01 +0000https://feed.craftedsignal.io/briefs/2026-03-openclaw-auth-bypass/Sun, 29 Mar 2026 13:17:01 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-openclaw-auth-bypass/OpenClaw before 2026.3.12 is vulnerable to an authentication bypass in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing unauthenticated network attackers to inject forged Feishu events and trigger downstream tool execution.OpenClaw before version 2026.3.12 is susceptible to an authentication bypass vulnerability (CVE-2026-32974) affecting Feishu webhook integrations. This vulnerability arises when the verificationToken is configured without the encryptKey. This configuration flaw enables unauthenticated attackers to forge Feishu events and send them to the webhook endpoint. Successful exploitation allows attackers to trigger arbitrary downstream tool execution within the OpenClaw environment. This is a…

]]>highadvisoryauthentication-bypasswebhookcve-2026-32974