CVE-2026-43572
Analyzed Analyzed - Analysis Complete
Missing Authorization in OpenClaw Teams SSO Invoke Handler

Publication date: 2026-05-05

Last updated on: 2026-05-07

Assigner: VulnCheck

Description
OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass sender authorization by sending SSO invoke requests that are processed without proper validation, allowing unauthorized access to Teams SSO signin functionality.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43572
EUVD
EUVD-2026-27295
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw From 2026.4.10 (inc) to 2026.4.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

OpenClaw versions 2026.4.10 through 2026.4.13 contain a missing authorization vulnerability in the Microsoft Teams Single Sign-On (SSO) invoke handler. This vulnerability occurs because the handler fails to apply sender allowlist checks before processing SSO sign-in requests. As a result, attackers can bypass sender authorization by sending specially crafted SSO invoke requests that are processed without proper validation.

This allows unauthorized users to trigger Teams SSO sign-in flows, potentially gaining unauthorized access or exchanging tokens without permission.

Impact Analysis

This vulnerability can lead to unauthorized access to Microsoft Teams Single Sign-On functionality within OpenClaw. Attackers exploiting this flaw can bypass sender authorization checks and initiate SSO sign-in processes without proper validation.

The impact includes potential unauthorized access to user accounts or services that rely on Teams SSO, which could lead to unauthorized token exchange or access to sensitive information.

Detection Guidance

Detection of this vulnerability involves monitoring Microsoft Teams Single Sign-On (SSO) invoke requests to identify unauthorized or unexpected SSO sign-in attempts that bypass sender allowlist checks.

Since the vulnerability allows unauthorized SSO invoke requests to be processed without proper validation, you can look for unusual or unauthorized SSO invoke traffic in your logs or network captures.

The patch introduced detailed logging for blocked attempts specifying whether the denial was due to direct message (DM), channel, or group chat restrictions. Reviewing logs for such blocked attempts or unexpected SSO invoke requests can help detect exploitation attempts.

Specific commands are not provided in the resources, but general approaches include:

  • Inspect application logs for Microsoft Teams SSO invoke handler entries indicating blocked or unauthorized sign-in attempts.
  • Use network monitoring tools (e.g., tcpdump, Wireshark) to capture and analyze traffic for unusual SSO invoke requests.
  • Search logs for patterns of SSO invoke requests coming from senders not in the allowlist or from unexpected sources.
Mitigation Strategies

The primary immediate mitigation step is to upgrade OpenClaw to version 2026.4.14 or later, where the vulnerability has been fixed.

The fix enforces sender allowlist checks on Microsoft Teams SSO sign-in invokes, ensuring only authorized senders can trigger SSO sign-in flows.

Until the upgrade is applied, monitor and restrict SSO invoke requests where possible, and review logs for unauthorized access attempts.

Compliance Impact

The provided context and resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43572. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart