Microsoft-Teams

CVE-2026-33823 is an information disclosure vulnerability in Microsoft Teams that allows an authorized attacker to disclose sensitive information over a network due to improper authorization.

OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin, allowing unauthorized senders to bypass intended authorization checks due to improper handling of empty groupAllowFrom parameters, potentially leading to information disclosure.