CVE-2026-32974 - Vulnerability Analysis
Severity: High | CVSS: 8.6 | Last Updated: March 30, 2026
OpenClaw - Authentication Bypass
Overview
OpenClaw before 2026.3.12 contains an authentication bypass in its Feishu webhook mode. When the integration is configured with only a verificationToken and no encryptKey, incoming events are accepted without any cryptographic verification of their origin (CWE-347, improper verification of a cryptographic signature), so forged events are treated as genuine. An unauthenticated attacker with network access to the webhook endpoint can inject forged events and trigger execution of downstream tools.
Severity & Score
Impact
Forged events reach the same handlers as genuine Feishu events, so an unauthenticated attacker can trigger execution of downstream tools and whatever actions those tools perform. The CVSS vector reflects this: high impact on integrity, with lower impact on confidentiality and availability.
Mitigation
Update to version 2026.3.12 or later. Because the bypass depends on encryptKey being absent, also configure an encryptKey for the Feishu integration so that deliveries are verified rather than accepted on the verificationToken alone. Until the upgrade is applied, restrict network reachability of the webhook endpoint, which the exploit requires.
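As an added illustration of the check that an encryptKey enables (example code written for this page, not OpenClaw's own implementation): Feishu's event-subscription scheme signs each delivery with SHA-256 over the request timestamp, a nonce, the encrypt key and the raw body, carried in the X-Lark-Request-Timestamp, X-Lark-Request-Nonce and X-Lark-Signature headers. The block contrasts a token-only acceptance check, which accepts any body carrying the static token, with signature verification that fails closed when no key is configured, compares in constant time, and rejects stale timestamps. The key, token, nonce, event bodies and the replay window are constructed or assumed values; decryption of the AES-encrypted body that Feishu sends in encrypted mode is not shown, since the signature is computed over the raw body either way.

```python
"""Feishu webhook: token-only acceptance vs. signature verification.

Added example for this page; not OpenClaw's code. Header names and the
signature formula follow Feishu's event-subscription documentation:
    X-Lark-Signature = hex(SHA-256(timestamp + nonce + encrypt_key + raw_body))
Keys, token, nonce and event bodies below are constructed sample values.
"""
import hashlib
import hmac
import json
import time
from typing import Optional

MAX_SKEW_SECONDS = 300  # replay window; an assumption, not a Feishu constant


def compute_signature(timestamp: str, nonce: str, encrypt_key: str, body: bytes) -> str:
    """SHA-256 over timestamp | nonce | encrypt_key | raw body, hex-encoded."""
    h = hashlib.sha256()
    h.update(timestamp.encode("utf-8"))
    h.update(nonce.encode("utf-8"))
    h.update(encrypt_key.encode("utf-8"))
    h.update(body)
    return h.hexdigest()


def token_only_check(body: bytes, verification_token: str) -> bool:
    """Weak mode: accept any JSON body whose top-level "token" equals the
    configured verificationToken. Nothing binds the body to Feishu, so any
    sender who knows the token can fabricate events. (Field layout is
    assumed for the sample; Feishu's v2 format nests the token under "header".)
    """
    try:
        return json.loads(body).get("token") == verification_token
    except (ValueError, AttributeError):
        return False


def verify_signature(headers: dict, body: bytes, encrypt_key: str,
                     now: Optional[float] = None) -> bool:
    """Accept only a fresh request whose signature matches under encrypt_key.

    Fails closed when no encrypt_key is configured instead of falling back
    to the token check; uses a constant-time comparison; bounds replay of a
    captured genuine delivery with a timestamp window.
    """
    if not encrypt_key:
        return False
    ts = headers.get("X-Lark-Request-Timestamp")
    nonce = headers.get("X-Lark-Request-Nonce")
    sig = headers.get("X-Lark-Signature")
    if not (ts and nonce and sig):
        return False
    try:
        ts_int = int(ts)
    except ValueError:
        return False
    current = time.time() if now is None else now
    if abs(current - ts_int) > MAX_SKEW_SECONDS:
        return False
    expected = compute_signature(ts, nonce, encrypt_key, body)
    return hmac.compare_digest(expected, sig)


def demo(now: float = 1_700_000_000.0) -> dict:
    """Run both checks against a genuine, a forged and a replayed request."""
    encrypt_key = "sample-encrypt-key"          # constructed
    verification_token = "sample-verify-token"  # constructed
    ts, nonce = str(int(now)), "a1b2c3d4"

    def body_for(text: str) -> bytes:
        event = {"token": verification_token, "event": {"text": text}}
        return json.dumps(event, separators=(",", ":")).encode("utf-8")

    genuine_body = body_for("status")
    genuine = {
        "X-Lark-Request-Timestamp": ts,
        "X-Lark-Request-Nonce": nonce,
        "X-Lark-Signature": compute_signature(ts, nonce, encrypt_key, genuine_body),
    }
    # Forgery: the sender can reproduce the token and the headers but, without
    # encrypt_key, can only sign with a guess.
    forged_body = body_for("run-tool --dangerous")
    forged = dict(genuine)
    forged["X-Lark-Signature"] = compute_signature(ts, nonce, "wrong-key", forged_body)

    return {
        "token_only_accepts_forgery": token_only_check(forged_body, verification_token),
        "signed_accepts_genuine": verify_signature(genuine, genuine_body, encrypt_key, now),
        "signed_rejects_forgery": not verify_signature(forged, forged_body, encrypt_key, now),
        "signed_rejects_replay": not verify_signature(genuine, genuine_body, encrypt_key, now + 3600),
        "no_key_fails_closed": not verify_signature(genuine, genuine_body, "", now),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point of the token-only branch is that a static token in the body authenticates nothing about the sender; only the signature over the raw body, computed with a secret the endpoint never sends out, binds a delivery to Feishu. Failing closed when the key is absent is what prevents a misconfiguration from silently degrading into the vulnerable mode.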
References
Social Media Activity (2 posts)
CVE-2026-32974 - High (8.6) OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forge... https://www.thehackerwire.com/vulnerability/CVE-2026-32974/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Related Resources
Details
- CVE ID: CVE-2026-32974
- Severity: High
- CVSS Score: 8.6
- Type: broken_authentication
- Status: confirmed
- EPSS: 10.6%
- Social Posts: 2
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: Low; Integrity: High; Availability: Low. These metrics yield the 8.6 base score above.