Description
OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Fri, 17 Jul 2026 00:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary. | |
| Title | OpenClaw < 2026.5.27 Token Leakage via MS Teams Outbound Requests | |
| Weaknesses | CWE-522 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-17T00:06:55.533Z
Reserved: 2026-07-13T16:39:22.251Z
Link: CVE-2026-62213
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-522
Insufficiently Protected Credentials