OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary.
Metrics
Affected Vendors & Products
References
History
Fri, 17 Jul 2026 00:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary. | |
| Title | OpenClaw < 2026.5.27 Token Leakage via MS Teams Outbound Requests | |
| Weaknesses | CWE-522 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-17T00:06:55.533Z
Reserved: 2026-07-13T16:39:22.251Z
Link: CVE-2026-62213
No data.
No data.
No data.
OpenCVE Enrichment
No data.