Cloud Vulnerability DB
A community-led vulnerabilities database
Wiz Agents & Workflows are here
Vulnerability DatabaseGHSA-rf6h-5gpw-qrgq
GHSA-rf6h-5gpw-qrgq:
OpenClaw (formerly Moltbot or Clawdbot) vulnerability analysis and mitigation
Summary
MS Teams Feedback Invoke Bypasses Sender Allowlists and Records Unauthorized Session Feedback
Affected Packages / Versions
- Package:
openclaw - Affected versions:
<= 2026.3.24 - First patched version:
2026.3.25 - Latest published npm version at verification time:
2026.3.24
Details
Microsoft Teams feedback invokes previously bypassed sender authorization and could record feedback or trigger reflection for unauthorized senders. Commit c5415a474bb085404c20f8b312e436997977b1ea applies the same DM and group authorization checks to feedback invokes.
Verified vulnerable on tag v2026.3.24 and fixed on main by commit c5415a474bb085404c20f8b312e436997977b1ea.
Fix Commit(s)
c5415a474bb085404c20f8b312e436997977b1ea
Source: NVD
Related OpenClaw (formerly Moltbot or Clawdbot) vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management