https://feed.craftedsignal.io/tags/microsoft-teams/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 31 Mar 2026 12:16:30 +0000https://feed.craftedsignal.io/briefs/2026-03-openclaw-allowlist-bypass/Tue, 31 Mar 2026 12:16:30 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-openclaw-allowlist-bypass/OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin, allowing unauthorized senders to bypass intended authorization checks due to improper handling of empty groupAllowFrom parameters, potentially leading to information disclosure.<p>OpenClaw, a Microsoft Teams plugin, is vulnerable to a sender allowlist bypass (CVE-2026-34506) in versions prior to 2026.3.8. The vulnerability stems from a misconfiguration issue where an empty <code>groupAllowFrom</code> parameter in the team/channel route allowlist leads to the synthesis of wildcard sender authorization. This allows any sender within the matched team/channel to trigger replies in allowlisted Teams routes, effectively bypassing intended authorization checks. This vulnerability was…</p> mediumadvisorycve-2026-34506openclawmicrosoft teamsallowlist bypass