Vulnerability-Lookup

GHSA-CHFM-XGC4-47RJ

Vulnerability from github – Published: 2026-04-02 21:01 – Updated: 2026-05-08 14:31

Summary

OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API

Details

Summary

MSTeams thread history bypasses sender allowlist via Graph API

Current Maintainer Triage

Status: open
Normalized severity: medium
Assessment: Real in shipped v2026.3.28 MS Teams because Graph-fetched thread history bypasses sender allowlists, with unreleased mainline filtering fix.

Affected Packages / Versions

Package: openclaw (npm)
Latest published npm version: 2026.3.31
Vulnerable version range: <=2026.3.28
Patched versions: >= 2026.3.31
First stable tag containing the fix: v2026.3.31

Fix Commit(s)

5cca38084074fb5095aa11b6a59820d63e4937c9 — 2026-03-30T15:38:26+01:00

OpenClaw thanks @AntAISecurityLab for reporting.

Severity

2.3 (Low)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.28"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-02T21:01:28Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "## Summary\nMSTeams thread history bypasses sender allowlist via Graph API\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: Real in shipped v2026.3.28 MS Teams because Graph-fetched thread history bypasses sender allowlists, with unreleased mainline filtering fix.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `\u003c=2026.3.28`\n- Patched versions: `\u003e= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `5cca38084074fb5095aa11b6a59820d63e4937c9` \u2014 2026-03-30T15:38:26+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
  "id": "GHSA-chfm-xgc4-47rj",
  "modified": "2026-05-08T14:31:59Z",
  "published": "2026-04-02T21:01:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-chfm-xgc4-47rj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41365"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/5cca38084074fb5095aa11b6a59820d63e4937c9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-graph-api-thread-history"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API"
}

CVE-2026-41365 (GCVE-0-2026-41365)

Vulnerability from cvelistv5 – Published: 2026-04-27 23:24 – Updated: 2026-04-28 13:55 X_Open Source

Title

OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Graph API Thread History

Summary

OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions.

Severity

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

Assigner

VulnCheck

References

3 references

URL	Tags
https://github.com/openclaw/openclaw/security/adv…	vendor-advisory
https://github.com/openclaw/openclaw/commit/5cca3…	patch
https://www.vulncheck.com/advisories/openclaw-sen…	third-party-advisory

Impacted products

1 product

Vendor	Product	Version
OpenClaw	OpenClaw	Affected: 0 , < 2026.3.31 (semver) Unaffected: 2026.3.31 (semver)

Date Public

2026-03-31 00:00

Credits

AntAISecurityLab

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41365",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T13:54:54.162165Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T13:55:22.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/openclaw",
          "product": "OpenClaw",
          "vendor": "OpenClaw",
          "versions": [
            {
              "lessThan": "2026.3.31",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2026.3.31",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
                  "versionEndExcluding": "2026.3.31",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "AntAISecurityLab"
        }
      ],
      "datePublic": "2026-03-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-441",
              "description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T23:24:28.567Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GitHub Security Advisory (GHSA-chfm-xgc4-47rj)",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-chfm-xgc4-47rj"
        },
        {
          "name": "Patch Commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openclaw/openclaw/commit/5cca38084074fb5095aa11b6a59820d63e4937c9"
        },
        {
          "name": "VulnCheck Advisory: OpenClaw \u003c 2026.3.31 - Sender Allowlist Bypass via Graph API Thread History",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-graph-api-thread-history"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "title": "OpenClaw \u003c 2026.3.31 - Sender Allowlist Bypass via Graph API Thread History",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-41365",
    "datePublished": "2026-04-27T23:24:28.567Z",
    "dateReserved": "2026-04-20T14:09:02.629Z",
    "dateUpdated": "2026-04-28T13:55:22.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-CHFM-XGC4-47RJ

Summary

Current Maintainer Triage

Affected Packages / Versions

Fix Commit(s)

CVE-2026-41365 (GCVE-0-2026-41365)

Tags

Sightings

Nomenclature