Description
OpenClaw versions 2026.1.30 and earlier contain an information disclosure vulnerability, patched in 2026.2.1, in the MS Teams attachment downloader (an optional extension that must be enabled) that leaks bearer tokens to allowlisted suffix domains. When retrying downloads after receiving 401 or 403 responses, the application sends Authorization bearer tokens to untrusted hosts matching the permissive suffix-based allowlist, enabling token theft.
Published: 2026-03-05
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via Bearer Token Leakage
Action: Patch Immediately
AI Analysis

Impact

OpenClaw versions 2026.1.30 and earlier contain an information disclosure vulnerability in the optional MS Teams attachment downloader. When the application receives 401 or 403 responses and retries the download, the downloader sends stored Authorization bearer tokens to any host that matches a permissive suffix‑based allowlist. This allows an attacker to steal bearer tokens intended for trusted Microsoft Teams domains. The vulnerability does not compromise system integrity or availability but permits unauthorized access to token‑authenticated services.

Affected Systems

The affected product is OpenClaw, specifically releases 2026.1.30 and older, when the optional MS Teams attachment downloader extension is enabled. The risk applies to any installation running these versions on Node.js where a suffix-based allowlist of permitted download hosts has been configured.

Risk and Exploitability

The CVSS score of 5.9 (CVSS 4.0) indicates moderate severity, while the EPSS score of less than 1% shows a low likelihood of exploitation in the wild; the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the optional extension to be enabled and a permissive suffix allowlist to be configured; an attacker may trigger the retry logic by causing the application to reattempt a download from a malicious or compromised host that matches the suffix rule.
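An added illustration of the bug class described above, written for this page and not taken from OpenClaw or its fix: a permissive string-suffix allowlist beside an exact-host allowlist, and a 401/403 retry loop that attaches the bearer token only to hosts the strict check accepts. The host names, URLs and token are constructed for the example.

```javascript
// Added illustration, not OpenClaw's code: a permissive suffix allowlist of the
// kind the advisory describes, beside an exact-host allowlist, and a 401/403
// retry loop that attaches the bearer token only to strictly allowlisted hosts.
// Host names, URLs and the token are constructed for the example.

// Hypothetical trusted hosts for Teams attachment downloads.
const ALLOWED_HOSTS = ["graph.microsoft.com", "teams.microsoft.com"];

// Weak check: a bare string suffix. "evilmicrosoft.com" ends with
// "microsoft.com", so it is accepted and would receive the token.
function suffixAllowed(hostname) {
  return ["microsoft.com"].some((suffix) => hostname.endsWith(suffix));
}

// Hardened check: exact host, or a subdomain separated by a dot, so that
// "evilmicrosoft.com" and "graph.microsoft.com.attacker.example" both fail.
function hostAllowed(hostname) {
  const h = hostname.toLowerCase();
  return ALLOWED_HOSTS.some((a) => h === a || h.endsWith("." + a));
}

// Headers for one download attempt. Authorization is added only for hosts
// that pass the strict check, and it is rebuilt per attempt so a retry to
// an untrusted host never inherits a token from an earlier request.
function buildHeaders(url, token) {
  const { hostname } = new URL(url);
  const headers = { Accept: "application/octet-stream" };
  if (hostAllowed(hostname)) headers.Authorization = `Bearer ${token}`;
  return headers;
}

// Retry on 401/403 (the retry path the advisory describes), using an
// injected fetch-like function so the example runs offline.
function downloadWithRetry(url, token, fetchLike, maxAttempts = 2) {
  let response;
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    response = fetchLike(url, buildHeaders(url, token));
    if (response.status !== 401 && response.status !== 403) break;
  }
  return response;
}
```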

Generated by OpenCVE AI on April 16, 2026 at 11:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw 2026.2.1, which contains the fix for the bearer token leakage issue
  • If upgrading immediately is not possible, disable the MS Teams attachment downloader optional extension until a patched release is available
  • Modify or remove the suffix‑based allowlist configuration to restrict token transmissions only to explicitly trusted domains until the update is applied


Tracking


Advisories
Source: Github GHSA
ID: GHSA-7vwx-582j-j332
Title: OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains
History

Mon, 09 Mar 2026 21:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 17:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


Thu, 05 Mar 2026 22:45:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}


Thu, 05 Mar 2026 22:15:00 +0000

Type: Description
Values Added: OpenClaw versions 2026.1.30 and earlier, contain an information disclosure vulnerability, patched in 2026.2.1, in the MS Teams attachment downloader (optional extension must be enabled) that leaks bearer tokens to allowlisted suffix domains. When retrying downloads after receiving 401 or 403 responses, the application sends Authorization bearer tokens to untrusted hosts matching the permissive suffix-based allowlist, enabling token theft.

Type: Title
Values Added: OpenClaw < 2026.2.1 - Bearer Token Leakage via MS Teams Attachment Downloader Suffix Matching

Type: First Time appeared
Values Added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values Added: CWE-201

Type: CPEs
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Added: Openclaw; Openclaw openclaw

Type: References
(no values listed)

Type: Metrics
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}; cvssV4_0 {'score': 5.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-09T20:41:27.755Z

Reserved: 2026-02-27T19:20:39.423Z

Link: CVE-2026-28481

Vulnrichment

Updated: 2026-03-09T20:41:22.185Z

NVD

Status : Analyzed

Published: 2026-03-05T22:16:22.810

Modified: 2026-03-17T17:43:49.940

Link: CVE-2026-28481

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:00:11Z

Weaknesses