Authorization Bypass in OpenClaw Feishu Tools by OpenClaw
CVE-2026-62187
8.6HIGH
What is CVE-2026-62187?
The OpenClaw Feishu tools npm package, specifically versions up to 2026.6.6, contains an authorization bypass vulnerability that allows lower-trust callers to execute actions without adequate authorization checks. This flaw can lead to unauthorized operations if the configuration permits access to sensitive features that normally require strict policy enforcement. Users are advised to upgrade to version 2026.6.9, which resolves this vulnerability. It is crucial to assess your configurations to prevent lower-trust inputs from exploiting this weakness.
Affected Version(s)
feishu 0 < 2026.6.9
feishu 2026.6.9
