{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/microsoft-teams/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-34506"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-34506","openclaw","microsoft teams","allowlist bypass"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw, a Microsoft Teams plugin, is vulnerable to a sender allowlist bypass (CVE-2026-34506) in versions prior to 2026.3.8. The vulnerability stems from a misconfiguration issue where an empty \u003ccode\u003egroupAllowFrom\u003c/code\u003e parameter in the team/channel route allowlist leads to the synthesis of wildcard sender authorization. This allows any sender within the matched team/channel to trigger replies in allowlisted Teams routes, effectively bypassing intended authorization checks. This vulnerability was…\u003c/p\u003e\n","date_modified":"2026-03-31T12:16:30Z","date_published":"2026-03-31T12:16:30Z","id":"/briefs/2026-03-openclaw-allowlist-bypass/","summary":"OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin, allowing unauthorized senders to bypass intended authorization checks due to improper handling of empty groupAllowFrom parameters, potentially leading to information disclosure.","title":"OpenClaw Microsoft Teams Plugin Sender Allowlist Bypass (CVE-2026-34506)","url":"https://feed.craftedsignal.io/briefs/2026-03-openclaw-allowlist-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Microsoft Teams","version":"https://jsonfeed.org/version/1.1"}