CVE-2026-32924: Critical Authorization Bypass in OpenClaw Feishu Integration
A critical authorization bypass vulnerability identified as CVE-2026-32924 has been disclosed in OpenClaw versions prior to 2026.3.12. The vulnerability stems from a logic flaw in how OpenClaw processes Feishu (Lark) reaction events: when a reaction event omits the chat_type field, OpenClaw incorrectly classifies the message as originating from a private peer-to-peer (p2p) conversation rather than a group chat. This misclassification causes the bot framework to skip group-specific authorization checks — namely the groupAllowFrom allowlist and requireMention protections — allowing unauthorized users to interact with the bot as though they had explicit permission.
The vulnerability carries a CVSS v3.1 score of 9.8 (Critical) and is classified under CWE-863 — Incorrect Authorization, reflecting a fundamental failure in access control enforcement when processing events with incomplete metadata.
Vulnerability Overview
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-32924 |
| CVSS Score | 9.8 (Critical) |
| CWE Classification | CWE-863 — Incorrect Authorization |
| Affected Software | OpenClaw before 2026.3.12 |
| Vulnerable Component | Feishu reaction event handler |
| Missing Field | chat_type in reaction events |
| Bypassed Protections | groupAllowFrom, requireMention |
| Attack Vector | Network (Remote) |
| Authentication Required | None — Feishu workspace member |
| Exploit Complexity | Low |
| Patch Available | Yes — upgrade to OpenClaw 2026.3.12 or later |
Technical Details
Affected Component
The vulnerability resides in OpenClaw's Feishu integration event processing layer. When a user adds a reaction (emoji) to a message, Feishu dispatches a reaction event to the connected bot webhook. In certain Feishu API configurations, reaction events may be delivered without a chat_type field in the event payload — a field OpenClaw uses to determine whether an event originated in a group chat or a direct (p2p) message thread.
Exploitation Mechanism
OpenClaw's authorization logic evaluates groupAllowFrom and requireMention only when it detects the conversation is a group chat:
// Vulnerable logic (simplified)
function handleReactionEvent(event):
if event.chat_type == "group":
enforceGroupAllowFrom(event)
enforceRequireMention(event)
// If chat_type is missing or "p2p", group restrictions are skipped
processBotCommand(event)
When chat_type is absent from the reaction event payload, OpenClaw defaults to treating the event as a p2p interaction. All group-level restrictions are bypassed, and the bot processes the command as though the sender is an authorized user.
An attacker who is a member of a Feishu workspace can craft or trigger reaction events with the chat_type field omitted, bypassing:
groupAllowFrom— the allowlist of users/groups permitted to interact with the bot in a group chatrequireMention— the requirement that the bot must be explicitly @-mentioned before responding
Attack Flow
1. Attacker identifies an OpenClaw bot deployed in a Feishu group chat
where they are not on the groupAllowFrom allowlist
2. Attacker sends or triggers a Feishu reaction event with chat_type omitted
3. OpenClaw receives the event and checks: chat_type != "group"
4. OpenClaw skips groupAllowFrom and requireMention enforcement
5. Attacker's command is processed as if they are an authorized p2p user
6. Attacker can invoke bot commands, exfiltrate data, or trigger automated actions
that should only be available to authorized group members
Authorization Bypass Context
This class of vulnerability — where a missing or absent field in an event payload causes security checks to be skipped — is a well-documented failure pattern in event-driven architectures. The root cause is fail-open behavior: when metadata is missing, the system defaults to the less restrictive code path rather than rejecting the event or applying the more restrictive policy.
Secure implementations should:
- Default to the most restrictive policy when required fields are absent (fail-closed)
- Reject events with missing required security-relevant fields rather than making assumptions
- Treat missing
chat_typeas group context, since this is the more dangerous default
Remediation
Immediate Action Required
Upgrade OpenClaw to version 2026.3.12 or later. This release corrects the chat_type fallback logic to default to group-chat authorization enforcement when the field is absent, preventing the bypass.
Mitigations for Unpatched Deployments
- Disable Feishu reaction event handling at the webhook level if the feature is not essential to your deployment
- Review bot permissions — minimize the actions the bot can take to limit the blast radius of unauthorized command execution
- Monitor bot interaction logs for unexpected commands from users not on the
groupAllowFromallowlist - Restrict Feishu workspace membership to reduce the pool of potential attackers
Code-Level Fix Pattern
The remediation implemented in 2026.3.12 defaults to group-chat enforcement when chat_type is absent:
// Fixed logic — introduced in 2026.3.12
function handleReactionEvent(event):
// Treat missing chat_type as group (fail-closed)
chat_type = event.chat_type ?? "group"
if chat_type == "group":
enforceGroupAllowFrom(event)
enforceRequireMention(event)
processBotCommand(event)
Impact Assessment
| Impact Area | Description |
|---|---|
| Authorization Bypass | Bypasses groupAllowFrom and requireMention restrictions entirely |
| Unauthorized Bot Access | Non-allowlisted users can interact with restricted bots |
| Data Exfiltration | Bots with data access can be queried by unauthorized users |
| Action Execution | Bots with integration capabilities may perform unauthorized operations |
| Privilege Context | Attack is indistinguishable from legitimate authorized interaction |
| Exploit Barrier | Very low — any Feishu workspace member can exploit via reaction events |
Key Takeaways
- CVE-2026-32924 is a CVSS 9.8 critical authorization bypass in OpenClaw prior to version 2026.3.12
- Feishu reaction events with an absent
chat_typefield cause OpenClaw to misclassify group interactions as p2p, bypassinggroupAllowFromandrequireMentionprotections - The flaw requires only Feishu workspace membership — no special privileges — making it broadly exploitable in any organization using OpenClaw with Feishu
- Upgrade to OpenClaw 2026.3.12 immediately; until patched, consider disabling reaction event processing
- This is a fail-open design flaw — the fix ensures missing
chat_typedefaults to the more restrictive group-chat enforcement path