CVE-2026-35654 Overview
CVE-2026-35654 is an authorization bypass vulnerability affecting OpenClaw versions prior to 2026.3.25. The vulnerability exists within the Microsoft Teams feedback invoke functionality, where insufficient sender validation allows unauthorized parties to record session feedback. Attackers can exploit this flaw to bypass sender allowlist checks via feedback invoke endpoints, enabling unauthorized feedback recording or reflection attacks.
Critical Impact
Unauthorized senders can bypass allowlist controls to trigger feedback recording in Microsoft Teams integrations, which can lead to manipulated feedback data, reflection of attacker-supplied content in Teams integration responses, or abuse of any workflow that consumes the recorded feedback. The direct impact is to integrity; confidentiality and availability are not affected.
Affected Products
- OpenClaw versions before 2026.3.25
- OpenClaw for Node.js, same version range (before 2026.3.25)
Discovery Timeline
- 2026-04-10 - CVE-2026-35654 published to NVD
- 2026-04-13 - Last updated in NVD database
Technical Details for CVE-2026-35654
Vulnerability Analysis
This vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel). The core issue is that OpenClaw's Microsoft Teams integration does not apply its sender validation consistently: the feedback invoke endpoints reach the feedback-recording logic without the sender allowlist check that the ordinary message path enforces.
When processing a feedback invocation, OpenClaw should confirm that the sender is on the configured allowlist before recording session feedback. In the vulnerable versions that check is not enforced on the invoke path, so the invoke endpoints become an alternate path around the intended authorization control.
The vulnerability is reachable over the network and requires no privileges and no user interaction. Its impact is limited to integrity: feedback data can be recorded, and reflected back, by senders who should have been rejected, while confidentiality and availability are not directly affected. Note that the allowlist is keyed on the sender identity carried in the Teams activity (the Teams user or tenant), not on a network address, so an unlisted Teams sender who can reach the bot is enough to trigger the flaw.
Root Cause
The root cause of CVE-2026-35654 is inconsistent access control across the two paths that lead to feedback recording. The primary path (ordinary Teams messages) checks the sender against the allowlist; the feedback invoke path reaches the same recording logic without that check, so the invoke endpoint is an alternate channel that does not enforce the controls the primary path does. This is the textbook CWE-288 pattern, and it typically arises when authorization is implemented inside individual handlers instead of once at the point where every inbound activity enters the integration.
Attack Vector
The attack vector for this vulnerability is network-based and requires no privileges on the OpenClaw side and no user interaction. An attacker sends feedback invoke requests to an OpenClaw Teams integration; because the sender allowlist is not applied on that path, the feedback is recorded as if it came from an authorized sender.
The exploitation flow involves:
- Identifying the feedback invoke endpoint of an OpenClaw Teams deployment
- Sending feedback invoke requests from a sender identity that is not on the allowlist
- Having the unauthorized feedback recorded without any authorization check
- Potentially leveraging the reflection of the submitted content in the integration's response for further attacks
No proof-of-concept is reproduced here; the GitHub Security Advisory holds the technical details of the bypass.
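The alternate-path pattern described in the Root Cause and Attack Vector sections, as an added example that is not OpenClaw's code: a minimal Teams-style activity router in which the sender allowlist is enforced on the message branch but not on the feedback invoke branch, next to a hardened router that authorizes once before dispatching. The activity shapes follow Bot Framework conventions for Teams (chat messages are type "message"; the Teams feedback loop arrives as an "invoke" named "message/submitAction" with value.actionName "feedback"); the allowlist format, the feedback store, the function names and the sample sender identities are assumptions for illustration.

```javascript
// Added example, not OpenClaw's code. Both routers assume the inbound request has
// already passed the Bot Framework connector's JWT validation, which is what makes
// activity.from.id trustworthy; the allowlist check has to sit after that step.
// Allowlist format, store shape and the sender ids below are constructed.

const ALLOWED_SENDERS = new Set(["29:alice-allowed"]); // constructed allowlist

function senderId(activity) {
  return activity && activity.from ? String(activity.from.id || "") : "";
}

// Teams feedback loop: invoke "message/submitAction" with actionName "feedback".
function isFeedbackInvoke(activity) {
  return activity.type === "invoke" &&
    activity.name === "message/submitAction" &&
    !!activity.value && activity.value.actionName === "feedback";
}

// Vulnerable router (CWE-288): the allowlist check lives inside the message branch
// only, so a feedback invoke from any sender reaches the store untouched.
function handleActivityVulnerable(activity, store) {
  if (activity.type === "message") {
    if (!ALLOWED_SENDERS.has(senderId(activity))) return { status: 403 };
    return { status: 200, reply: `echo: ${activity.text}` };
  }
  if (isFeedbackInvoke(activity)) {
    const av = activity.value.actionValue || {};
    store.push({ sender: senderId(activity), reaction: av.reaction, feedback: av.feedback });
    // Reflection: attacker-controlled text goes straight back in the invoke response.
    return { status: 200, body: { recorded: true, echo: av.feedback } };
  }
  return { status: 200 };
}

// Hardened router: authorize the sender once, before dispatching on activity type,
// so every channel into the handler (message, invoke, anything added later) passes
// the same check, and the invoke response never echoes the submitted text.
function handleActivityHardened(activity, store) {
  if (!ALLOWED_SENDERS.has(senderId(activity))) {
    return { status: 403, body: { recorded: false } };
  }
  if (activity.type === "message") {
    return { status: 200, reply: `echo: ${activity.text}` };
  }
  if (isFeedbackInvoke(activity)) {
    const av = activity.value.actionValue || {};
    store.push({ sender: senderId(activity), reaction: av.reaction, feedback: av.feedback });
    return { status: 200, body: { recorded: true } };
  }
  return { status: 200 };
}

// Constructed feedback invoke, shaped like the one Teams sends for its feedback loop
// (actionValue.feedback carries a JSON string with the free-text comment).
function makeFeedbackInvoke(fromId, reaction, feedbackText) {
  return {
    type: "invoke",
    name: "message/submitAction",
    from: { id: fromId },
    conversation: { id: "19:constructed-thread" },
    value: {
      actionName: "feedback",
      actionValue: { reaction, feedback: JSON.stringify({ feedbackText }) },
    },
  };
}

// Runs both routers against an unlisted and an allowlisted sender and reports what
// each recorded, so the difference can be checked without a Teams tenant.
function demo() {
  const unlisted = makeFeedbackInvoke("29:mallory-unlisted", "dislike", "<script>x</script>");
  const listed = makeFeedbackInvoke("29:alice-allowed", "like", "helpful");
  const vulnStore = [];
  const hardStore = [];
  const vulnUnlisted = handleActivityVulnerable(unlisted, vulnStore);
  const hardUnlisted = handleActivityHardened(unlisted, hardStore);
  const hardListed = handleActivityHardened(listed, hardStore);
  return {
    vulnerableRecordedUnlisted: vulnStore.length,      // 1: the bypass succeeded
    vulnerableEchoed: vulnUnlisted.body.echo,           // attacker text reflected
    hardenedStatusForUnlisted: hardUnlisted.status,     // 403
    hardenedRecorded: hardStore.map((e) => e.sender),   // ["29:alice-allowed"]
    hardenedListedStatus: hardListed.status,            // 200
  };
}
```

The design point is where the check sits: moving the allowlist test ahead of the type dispatch means a new activity type cannot be added later without inheriting it, which is the structural defence against this class of CWE-288 bug.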
Detection Methods for CVE-2026-35654
Indicators of Compromise
- Unusual feedback recording activity from unauthorized or unexpected sender addresses
- Anomalous patterns in Microsoft Teams feedback invoke endpoint access logs
- Feedback entries originating from senders not present in the configured allowlist
- Unexpected reflection behavior in Teams integration responses
Detection Strategies
- Monitor feedback invoke endpoint requests for senders not matching configured allowlists
- Implement application-level logging for all feedback recording operations with sender identification
- Deploy network monitoring to identify unusual patterns in Teams integration traffic
- Review OpenClaw application logs for authorization bypass indicators
Monitoring Recommendations
- Enable verbose logging on OpenClaw feedback invoke endpoints
- Set up alerts for feedback recording from unrecognized senders
- Monitor for bulk or automated feedback submission patterns
- Review Microsoft Teams integration audit logs for anomalous activity
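The detection strategies and monitoring recommendations above, as an added example that is not OpenClaw's own logging or tooling: a small analyzer that runs over constructed log lines and raises the three signals that matter for this bug, feedback recorded for a sender who is not on the allowlist, a sender who was rejected on the message path yet still had feedback recorded (the alternate-channel signature, independent of allowlist contents), and bulk submission from one sender. The log format, field names, allowlist and sender identities are constructed for the example; map them to your deployment's real log output.

```javascript
// Added detection example, not OpenClaw's code. Log format, allowlist and sender
// ids are constructed; the field names are assumptions to be mapped to real logs.

const ALLOWLIST = new Set(["29:alice-allowed", "29:carol-allowed"]); // constructed

// Constructed sample: bob is rejected on the message path at 10:00:05, then has
// five feedback records in four seconds via the invoke path.
const SAMPLE_LOG = [
  "2026-04-11T10:00:00Z event=feedback_recorded channel=teams sender=29:alice-allowed conv=19:conv1 reaction=like",
  "2026-04-11T10:00:05Z event=message channel=teams sender=29:bob-unknown conv=19:conv1 result=rejected",
  "2026-04-11T10:00:07Z event=feedback_recorded channel=teams sender=29:bob-unknown conv=19:conv1 reaction=dislike",
  "2026-04-11T10:00:08Z event=feedback_recorded channel=teams sender=29:bob-unknown conv=19:conv1 reaction=dislike",
  "2026-04-11T10:00:09Z event=feedback_recorded channel=teams sender=29:bob-unknown conv=19:conv1 reaction=dislike",
  "2026-04-11T10:00:10Z event=feedback_recorded channel=teams sender=29:bob-unknown conv=19:conv1 reaction=dislike",
  "2026-04-11T10:00:11Z event=feedback_recorded channel=teams sender=29:bob-unknown conv=19:conv1 reaction=dislike",
  "2026-04-11T10:05:00Z event=feedback_recorded channel=teams sender=29:carol-allowed conv=19:conv2 reaction=like",
].join("\n");

// Parses one "timestamp key=value ..." line into { ts, fields }; returns null on junk.
function parseLine(line) {
  const parts = line.trim().split(/\s+/);
  if (parts.length < 2) return null;
  const ts = Date.parse(parts[0]);
  if (Number.isNaN(ts)) return null;
  const fields = {};
  for (const kv of parts.slice(1)) {
    const i = kv.indexOf("=");
    if (i > 0) fields[kv.slice(0, i)] = kv.slice(i + 1);
  }
  return { ts, fields };
}

// Feedback recorded for a sender who is not on the allowlist: the direct IoC.
function findUnlistedFeedback(events, allowlist) {
  return events
    .filter((e) => e.fields.event === "feedback_recorded" && !allowlist.has(e.fields.sender))
    .map((e) => ({ ts: new Date(e.ts).toISOString(), sender: e.fields.sender, conv: e.fields.conv }));
}

// Senders rejected on the message path who still had feedback recorded: the
// alternate-channel signature of this bug, which holds even if the allowlist
// used by the analyzer is stale.
function findCrossPathBypass(events) {
  const rejected = new Set(
    events.filter((e) => e.fields.event === "message" && e.fields.result === "rejected").map((e) => e.fields.sender));
  const recorded = new Set(
    events.filter((e) => e.fields.event === "feedback_recorded").map((e) => e.fields.sender));
  return [...rejected].filter((s) => recorded.has(s)).sort();
}

// Bulk or automated submission: `threshold` feedback records from one sender
// inside any window of `windowMs`.
function findBursts(events, windowMs, threshold) {
  const bySender = new Map();
  for (const e of events) {
    if (e.fields.event !== "feedback_recorded") continue;
    if (!bySender.has(e.fields.sender)) bySender.set(e.fields.sender, []);
    bySender.get(e.fields.sender).push(e.ts);
  }
  const alerts = [];
  for (const [sender, times] of bySender) {
    times.sort((a, b) => a - b);
    for (let i = 0; i + threshold - 1 < times.length; i++) {
      if (times[i + threshold - 1] - times[i] <= windowMs) {
        alerts.push({ sender, count: times.length, windowMs });
        break;
      }
    }
  }
  return alerts;
}

// Runs all three detections over a log blob; unparsable lines are skipped.
function analyze(logText, allowlist = ALLOWLIST) {
  const events = logText.split("\n").map(parseLine).filter(Boolean);
  return {
    unlisted: findUnlistedFeedback(events, allowlist),
    crossPath: findCrossPathBypass(events),
    bursts: findBursts(events, 60 * 1000, 5),
  };
}
```

The cross-path check is the one to keep after patching: it needs no knowledge of the allowlist, only that the message path logs its rejections and the feedback path logs its records with the same sender identity.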
How to Mitigate CVE-2026-35654
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.25 or later immediately
- Review existing feedback records for unauthorized entries
- Audit sender allowlist configurations for completeness
- Implement network-level restrictions on feedback invoke endpoints until patching is complete
Patch Information
The OpenClaw development team has addressed this vulnerability in version 2026.3.25. The fix is available via the GitHub Commit. Organizations should update to the patched version as soon as possible.
Additional details about the vulnerability and remediation steps can be found in the GitHub Security Advisory and the VulnCheck Advisory.
Workarounds
- Restrict network access to the feedback invoke endpoints with firewall rules, WAF or reverse-proxy configuration. Caveat: Teams delivers activities to a bot through the Bot Framework service, so a source-IP allowlist limits which infrastructure can reach the endpoint (useful against direct internet probing) but does not distinguish one Teams sender from another
- Add an authorization layer at the reverse proxy level; the Bot Framework connector already authenticates its requests with a bearer token, so the useful extra layer is sender authorization, not transport authentication
- Temporarily disable the feedback invoke functionality if it is not critical to operations
- Deploy API gateway rules that apply the sender allowlist to feedback invoke requests, reading the sender identity from the activity payload rather than from the connection
# Example: restrict access to the feedback invoke path at the network level.
# iptables string matching only sees plaintext, so apply it on the internal HTTP
# port OpenClaw listens on behind a TLS-terminating proxy (8080 here), not on 443.
# The path /feedback/invoke is illustrative; substitute the route your deployment
# exposes. Rules match in order, so the ACCEPT for trusted sources goes first.
iptables -A INPUT -p tcp --dport 8080 -s TRUSTED_IP_RANGE -m string --string "/feedback/invoke" --algo bm -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -m string --string "/feedback/invoke" --algo bm -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


