Impact
OpenClaw versions prior to 2026.3.8 contain a flaw in the Microsoft Teams plug‑in that allows a sender allowlist to be bypassed. When a team or channel route allowlist is configured with an empty groupAllowFrom field, the message handler treats the empty list as a wildcard and authorizes every sender. As a result, any sender belonging to the matched team/channel can trigger bot replies in allowlisted Teams routes, effectively disabling the intended authorization controls. The weakness is a classic authorization bypass (CWE-863). The consequence is that unauthorized users can gain access to restricted bot interactions, potentially leaking sensitive information or disrupting team workflows. The impact is limited to users who can already send messages within the affected Teams channels, but it could be significant if those channels contain confidential data.
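As an added illustration (not OpenClaw's code; route and function names are hypothetical), the vulnerable pattern described above is shown beside a hardened resolver that refuses to treat an empty groupAllowFrom as a wildcard, plus a configuration audit that flags routes which would behave that way:

```typescript
// Hypothetical model of a Teams route allowlist; not OpenClaw's implementation.
interface TeamsRoute {
  teamId: string;
  channelId?: string;        // absent = route applies to the whole team
  groupAllowFrom?: string[]; // sender ids permitted to trigger the bot on this route
}

interface InboundMessage { teamId: string; channelId: string; senderId: string; }

function matchRoute(msg: InboundMessage, routes: TeamsRoute[]): TeamsRoute | undefined {
  // Prefer a channel-specific route over a team-wide one.
  return (
    routes.find(r => r.teamId === msg.teamId && r.channelId === msg.channelId) ??
    routes.find(r => r.teamId === msg.teamId && r.channelId === undefined)
  );
}

// Vulnerable pattern: an empty allowlist is read as "no restriction".
function isSenderAllowedVulnerable(msg: InboundMessage, routes: TeamsRoute[]): boolean {
  const route = matchRoute(msg, routes);
  if (!route) return false;
  const allow = route.groupAllowFrom ?? [];
  if (allow.length === 0) return true; // wildcard: any member of the channel passes
  return allow.includes(msg.senderId);
}

// Hardened pattern: an empty or missing allowlist denies; only an explicit,
// non-empty list can authorize a sender.
function isSenderAllowedFixed(msg: InboundMessage, routes: TeamsRoute[]): boolean {
  const route = matchRoute(msg, routes);
  if (!route) return false;
  const allow = route.groupAllowFrom ?? [];
  return allow.length > 0 && allow.includes(msg.senderId);
}

// Config audit: list routes whose empty groupAllowFrom would act as a wildcard.
function findWildcardRoutes(routes: TeamsRoute[]): string[] {
  return routes
    .filter(r => (r.groupAllowFrom ?? []).length === 0)
    .map(r => `${r.teamId}/${r.channelId ?? "*"}`);
}

// Constructed sample configuration: the "ops" route is misconfigured.
const SAMPLE_ROUTES: TeamsRoute[] = [
  { teamId: "team-a", channelId: "general", groupAllowFrom: ["user-1"] },
  { teamId: "team-a", channelId: "ops", groupAllowFrom: [] },
];
```

Running findWildcardRoutes over an existing configuration is a quick way to find routes that need an explicit allowlist before upgrading.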
Affected Systems
The vulnerability affects the OpenClaw application (OpenClaw OpenClaw) on all installations using the Microsoft Teams plug‑in. Versions prior to 2026.3.8 are impacted; version 2026.3.8 and later releases are considered fixed.
Risk and Exploitability
The CVSS score is 2.3, indicating low severity. No EPSS score is available and the issue is not listed in CISA's KEV catalog. Exploitation requires the ability to send messages in a Microsoft Teams channel that is routed by the OpenClaw plug‑in. The likely attack vector is a user‑initiated message in an improperly configured Teams channel, so the issue is reachable with standard user privileges in the target environment. While the risk is low, the potential for data exposure or unauthorized bot interaction warrants attention.
OpenCVE Enrichment