CVE-2026-44109 Overview
CVE-2026-44109 is an authentication bypass vulnerability in OpenClaw versions before 2026.4.15. The flaw resides in the Feishu webhook and card-action validation logic, where missing encryptKey configuration values and blank callback tokens cause the validator to fail open. Instead of rejecting unauthenticated requests, the code returns true, allowing requests to reach the command dispatch layer. Attackers can bypass signature verification and replay protection to execute arbitrary commands without credentials. The vulnerability is categorized under [CWE-1188] Initialization of a Resource with an Insecure Default.
Critical Impact
Unauthenticated network attackers can reach OpenClaw command dispatch and execute arbitrary commands by exploiting fail-open validation in Feishu webhook handlers.
Affected Products
- OpenClaw versions prior to 2026.4.15
- OpenClaw Feishu extension (extensions/feishu)
- Deployments with missing encryptKey or blank callback token configuration
Discovery Timeline
- 2026-05-06 - CVE-2026-44109 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-44109
Vulnerability Analysis
The vulnerability stems from insecure default behavior in two validation routines inside the OpenClaw Feishu extension. The card-action.ts token replay guard and the monitor.transport.ts signature verifier both treat missing or blank security material as a successful validation. When operators deploy OpenClaw without configuring an encryptKey or when the callback token arrives empty, the functions return true, signaling that the request passed authentication checks.
This fail-open pattern allows unauthenticated HTTP requests to traverse the webhook entrypoint and reach the command dispatcher. Because Feishu card actions can trigger automation commands, an attacker who knows or guesses a webhook endpoint can submit crafted requests that execute server-side actions.
Root Cause
The root cause is incorrect handling of unconfigured authentication state. The functions return true for missing material, which the calling code interprets as a valid signature or non-replayed token. Secure design requires the validator to return false and reject the request when secrets are not configured.
Attack Vector
An unauthenticated attacker sends an HTTP request to the OpenClaw Feishu webhook endpoint. The request omits or supplies a blank token and arrives at an instance that lacks an encryptKey. The validators short-circuit to true, the dispatcher accepts the payload, and arbitrary commands execute in the OpenClaw process context.
// Patch: extensions/feishu/src/card-action.ts
pruneProcessedCardActionTokens(now);
const normalizedToken = params.token.trim();
if (!normalizedToken) {
- return true;
+ return false;
}
const key = `${params.accountId}:${normalizedToken}`;
const existing = processedCardActionTokens.get(key);
// Patch: extensions/feishu/src/monitor.transport.ts
}): boolean {
const encryptKey = params.encryptKey?.trim();
if (!encryptKey) {
- return true;
+ return false;
}
const timestampHeader = params.headers["x-lark-request-timestamp"];
Source: OpenClaw GitHub Commit c8003f1
Detection Methods for CVE-2026-44109
Indicators of Compromise
- Inbound POST requests to Feishu webhook endpoints with missing or empty x-lark-request-timestamp and signature headers
- Successful card-action dispatch events lacking corresponding token entries in processedCardActionTokens
- OpenClaw command executions originating from external IP addresses without prior authenticated session activity
- Configuration files showing absent or blank encryptKey values in Feishu extension settings
Detection Strategies
- Inspect web server and reverse proxy logs for requests to OpenClaw Feishu routes containing empty token fields or absent Lark signature headers
- Correlate webhook receipt events with command dispatch logs to identify executions that bypassed signature verification
- Audit deployed OpenClaw configurations for environments where encryptKey is unset and flag those instances for accelerated patching
Monitoring Recommendations
- Forward OpenClaw application logs and reverse proxy access logs to a centralized analytics platform for anomaly review
- Alert on first-seen source IP addresses invoking Feishu webhook endpoints, especially outside expected Lark egress ranges
- Monitor for spikes in card-action processing without corresponding inbound user interactions
How to Mitigate CVE-2026-44109
Immediate Actions Required
- Upgrade OpenClaw to version 2026.4.15 or later, which contains commit c8003f1b33ed2924be5f62131bd28742c5a41aae
- Configure a non-empty encryptKey and callback token for every Feishu integration before exposing webhook endpoints
- Restrict network access to OpenClaw Feishu webhook routes using IP allowlists for Lark or Feishu egress ranges
- Review command dispatch logs for unauthorized executions during the exposure window
Patch Information
The fix is delivered in OpenClaw 2026.4.15 via the upstream commit that hardens the Feishu webhook replay guards. The patch changes both card-action.ts and monitor.transport.ts to return false when token or encryptKey material is missing, rejecting requests instead of accepting them. See the OpenClaw GitHub Security Advisory GHSA-xh72-v6v9-mwhc and the VulnCheck Authentication Bypass Advisory for additional details.
Workarounds
- If immediate patching is not possible, place the OpenClaw Feishu endpoint behind a reverse proxy that enforces signature header presence and rejects requests with blank tokens
- Disable the Feishu extension entirely until the upgrade is applied if the integration is non-critical
- Validate that encryptKey is populated in all environment configurations and add startup checks that refuse to launch when the value is missing
# Verify Feishu extension configuration before starting OpenClaw
grep -E '^(encryptKey|callbackToken)=' /etc/openclaw/feishu.env \
| awk -F= '{ if ($2 == "" || $2 == "\"\"") { print "FAIL: " $1 " is empty"; exit 1 } }'
# Pin to the patched release
npm install openclaw@">=2026.4.15"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
