Impact
The vulnerability resides in the Microsoft Teams plugin of OpenClaw versions prior to 2026.3.8. When a team or channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler incorrectly treats any sender within the matched team or channel as authorized, allowing that sender to trigger replies in routes that are intended to be restricted. This results in unauthorized use of the Teams plugin and can lead to policy violations or tampering with automated responses. The weakness is an insufficient authorization check, identified as CWE-863.
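The following is an added illustration of the authorization flaw described above; it is not OpenClaw's code, and the route shape, the helper names (routeMatches, isSenderAuthorizedVulnerable, isSenderAuthorizedFixed, findEmptyAllowlists) and the sample identifiers are all assumptions constructed for the example. It places the "empty allowlist means anyone" pattern beside a fail-closed alternative and adds a configuration-time check that flags restricted routes whose groupAllowFrom is empty before any message is handled.

```javascript
// Added illustration (not OpenClaw's code): a simplified Teams route
// allowlist check. Route shape and function names are hypothetical.

// Constructed route config: the team/channel matches, but the per-route
// sender allowlist is empty (the misconfiguration the advisory describes).
const restrictedRoute = {
  teamId: "team-123",        // constructed value
  channelId: "channel-456",  // constructed value
  groupAllowFrom: [],        // empty allowlist
};

// Constructed inbound message from a sender who is on no allowlist.
const constructedMessage = {
  teamId: "team-123",
  channelId: "channel-456",
  senderId: "user-unknown",  // constructed value
};

function routeMatches(route, message) {
  return route.teamId === message.teamId && route.channelId === message.channelId;
}

// Vulnerable pattern: an empty allowlist is read as "no restriction", so any
// sender inside the matched team/channel is treated as authorized.
function isSenderAuthorizedVulnerable(route, message) {
  if (!routeMatches(route, message)) return false;
  const allow = route.groupAllowFrom;
  if (!allow || allow.length === 0) return true; // BUG: empty == allow-all
  return allow.includes(message.senderId);
}

// Fail-closed alternative: an empty or missing allowlist on a restricted
// route authorizes nobody; only explicitly listed senders pass.
function isSenderAuthorizedFixed(route, message) {
  if (!routeMatches(route, message)) return false;
  const allow = Array.isArray(route.groupAllowFrom) ? route.groupAllowFrom : [];
  if (allow.length === 0) return false; // fail closed
  return allow.includes(message.senderId);
}

// Configuration-time check: report restricted routes whose allowlist is
// empty so operators can correct them before messages are processed.
function findEmptyAllowlists(routes) {
  return routes
    .filter((r) => !Array.isArray(r.groupAllowFrom) || r.groupAllowFrom.length === 0)
    .map((r) => `${r.teamId}/${r.channelId}`);
}

// Stand-alone demonstration.
console.log("vulnerable check:", isSenderAuthorizedVulnerable(restrictedRoute, constructedMessage));
console.log("fail-closed check:", isSenderAuthorizedFixed(restrictedRoute, constructedMessage));
console.log("routes with empty allowlists:", findEmptyAllowlists([restrictedRoute]));
```

The vulnerable check returns true for the unlisted sender, which is the behaviour the advisory attributes to affected versions; the fail-closed check returns false, and the configuration scan names the misconfigured route so it can be fixed independently of any runtime decision.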
Affected Systems
The affected software is OpenClaw, the Node.js application. All releases before 2026.3.8 are considered vulnerable; operators of any such version should verify whether their deployment uses the Teams route allowlist feature with an empty groupAllowFrom setting.
Risk and Exploitability
A CVSS score of 2.3 places this at low severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to be able to send messages in a Teams channel that is configured with a route allowlist containing an empty groupAllowFrom setting, so the threat model centres on internal or compromised users with access to the Teams channel rather than external adversaries. The attack path involves sending a message that is treated as authorized and then triggering a back-channel reply. While the precondition is somewhat restrictive, it still permits unauthorized actors to bypass the intended authorization controls within the Teams integration.
OpenCVE Enrichment