CVE-2026-62205
Received Received - Intake

Missing Authorization in OpenClaw MS Teams Integration

Vulnerability report for CVE-2026-62205, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: VulnCheck

Description

OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a missing-authorization vulnerability in the MS Teams message actions feature. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path can perform actions that should have required a stronger authorization or policy check. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path. The issue is fixed in 2026.6.6.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
openclaw openclaw to 2026.6.6 (exc)
openclaw openclaw From 2026.4.12-beta.1 (inc) to 2026.6.6 (exc)
openclaw openclaw 2026.6.6

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-62205 is a missing-authorization vulnerability in OpenClaw versions 2026.4.12-beta.1 through 2026.6.6. It affects the MS Teams message actions feature, where lower-trust callers or configured input paths can perform actions requiring stronger authorization checks. The issue is fixed in version 2026.6.6.

Detection Guidance

To detect this vulnerability, check if your OpenClaw version is between 2026.4.12-beta.1 and 2026.6.6. Verify if the MS Teams message actions feature is enabled and accessible. Inspect logs for unauthorized actions or policy violations in this feature.

Impact Analysis

The impact depends on the operator's configuration and whether lower-trust input can reach the affected feature. It may allow unauthorized data modification (integrity impact) while maintaining confidentiality and availability. Operators should upgrade to version 2026.6.6, restrict the feature to trusted operators, or disable it when unnecessary.

Compliance Impact

This vulnerability could potentially impact compliance with GDPR and HIPAA by allowing unauthorized actions through missing authorization checks in the MS Teams message actions feature. If lower-trust callers or untrusted input can reach the affected path, it may lead to unauthorized data modification or access, violating integrity and confidentiality requirements under these regulations.

Mitigation Strategies

Upgrade OpenClaw to version 2026.6.6 or later. If upgrading is not possible, disable the MS Teams message actions feature or restrict it to trusted operators only. Review and tighten allowlists, authentication policies, and authorization checks for this feature.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-62205. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart