Authorization Bypass in OpenClaw Feishu Tools by OpenClaw
CVE-2026-62187

8.6HIGH

Key Information:

Vendor

Openclaw

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-62187?

The OpenClaw Feishu tools npm package, specifically versions up to 2026.6.6, contains an authorization bypass vulnerability that allows lower-trust callers to execute actions without adequate authorization checks. This flaw can lead to unauthorized operations if the configuration permits access to sensitive features that normally require strict policy enforcement. Users are advised to upgrade to version 2026.6.9, which resolves this vulnerability. It is crucial to assess your configurations to prevent lower-trust inputs from exploiting this weakness.

Affected Version(s)

feishu 0 < 2026.6.9

feishu 2026.6.9

References

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rex Liu (@rexpository)
.