Executive Summary

CVE-2026-32924 is an authorization bypass vulnerability in OpenClaw versions before 2026.3.12. It occurs because Feishu reaction events that omit the chat_type attribute are incorrectly classified as peer-to-peer (p2p) conversations instead of group chats.

This misclassification allows attackers to bypass security protections such as groupAllowFrom and requireMention, which are designed to restrict actions within group chat reaction-derived events.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow attackers to bypass group chat security controls, potentially enabling unauthorized actions or access within group conversations.

Because the system treats certain group chat reactions as direct messages, protections that limit who can interact or mention others in group chats are circumvented, increasing the risk of unauthorized information disclosure or manipulation.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability can be mitigated by updating OpenClaw to version 2026.3.12 or later.

This update ensures that reaction events correctly preserve the group context before authorization and mention-gate evaluation, preventing the bypass of groupAllowFrom and requireMention protections.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in OpenClaw allows attackers to bypass group authorization and mention gating protections by misclassifying group chat reaction events as peer-to-peer conversations. This improper authorization can lead to unauthorized access or actions within group chats.

Such authorization bypass issues can potentially impact compliance with standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive information. If unauthorized users can bypass protections and access or manipulate group chat data, it may result in violations of data privacy and security requirements mandated by these regulations.

Therefore, until the vulnerability is mitigated by updating OpenClaw to version 2026.3.12 or later, organizations using affected versions may face increased risk of non-compliance with these common standards due to weakened authorization controls.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability arises from Feishu reaction events where the chat_type attribute is omitted, causing misclassification of group chats as peer-to-peer conversations. Detection involves monitoring Feishu reaction events for missing or omitted chat_type fields in the payload.

To detect this on your system or network, you should inspect inbound Feishu reaction event payloads for the absence of the chat_type field or for chat_type values that do not correctly indicate group chats.

While no specific commands are provided in the available resources, a general approach would be to capture and analyze network traffic or application logs where Feishu reaction events are processed. For example, using tools like tcpdump or Wireshark to filter and inspect traffic related to Feishu reaction events, or querying application logs for reaction events missing the chat_type attribute.

• Use network packet capture tools (e.g., tcpdump) to capture Feishu reaction event traffic.
• Filter captured data for reaction events and check for missing or empty chat_type fields.
• Review application logs for reaction events lacking the chat_type attribute.
• Implement custom scripts or queries to detect reaction events where chat_type is omitted or misclassified.

Useful 0 Not Useful 0