Executive Summary

CVE-2026-35654 is an authorization bypass vulnerability in OpenClaw versions before 2026.3.25 affecting the Microsoft Teams feedback invoke functionality.

The vulnerability allows unauthorized senders to bypass sender allowlist checks via feedback invoke endpoints, enabling them to record session feedback or trigger feedback reflection without proper authorization.

This flaw is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and CWE-863 (Incorrect Authorization), indicating that the product had an alternate unauthenticated path and insufficient authorization checks.

Useful 0 Not Useful 0

Impact Analysis

An attacker exploiting this vulnerability can bypass authorization controls to submit or record Microsoft Teams session feedback without permission.

This unauthorized feedback recording or reflection could lead to inaccurate or manipulated feedback data being stored or processed.

Since the vulnerability requires no privileges or user interaction and can be exploited remotely, it poses a moderate risk with a CVSS v4 base score of 6.9.

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves monitoring unauthorized feedback submissions or reflections via the Microsoft Teams feedback invoke endpoints.

Specifically, you should look for feedback invoke activities named "message/submitAction" coming from senders not present in the configured allowlists for direct messages or group chats.

Since unauthorized feedback attempts do not create transcript files or trigger reflection, unusual feedback invoke requests from unknown or unauthorized senders could indicate exploitation attempts.

Commands to detect such activity would depend on your logging and monitoring setup, but examples include:

• Reviewing application logs for feedback invoke activities with sender IDs not in allowlists.
• Using network monitoring tools to filter traffic to feedback invoke endpoints and identify unauthorized sender patterns.
• Example command (if logs are in JSON format): `grep 'message/submitAction' feedback_logs.json | jq '.senderId'` to list senders invoking feedback.
• Using SIEM or IDS rules to alert on feedback invoke requests from unknown or unauthorized IP addresses or user IDs.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.3.25 or later, where the vulnerability has been fixed by enforcing proper authorization checks on Microsoft Teams feedback invoke endpoints.

Until the patch can be applied, you should restrict access to the feedback invoke endpoints to trusted users only, ensuring that sender allowlists are properly configured and enforced.

Additionally, monitor feedback submission logs for unauthorized attempts and consider temporarily disabling feedback invoke functionality if possible.

• Apply the official patch from OpenClaw version 2026.3.25.
• Configure and enforce sender allowlists for direct messages and group chats to prevent unauthorized feedback submissions.
• Monitor logs and network traffic for suspicious feedback invoke activities.
• Restrict network access to feedback invoke endpoints to trusted sources.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0