Tag
OpenClaw versions before 2026.4.15 are vulnerable to unauthenticated webhook or card-action traffic due to missing encryption key configuration and improper handling of card-action callbacks, potentially allowing network-triggered access to OpenClaw command handling without Feishu signature or replay protection.