OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mutable display names. Attackers with lower-trust access can perform actions requiring stronger authorization by exploiting the mutable display name binding in the affected feature.
Metrics
Affected Vendors & Products
References
History
Fri, 17 Jul 2026 00:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mutable display names. Attackers with lower-trust access can perform actions requiring stronger authorization by exploiting the mutable display name binding in the affected feature. | |
| Title | OpenClaw MS Teams < 2026.5.12 Authorization Bypass | |
| Weaknesses | CWE-290 CWE-863 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-17T00:07:02.933Z
Reserved: 2026-07-13T16:40:10.961Z
Link: CVE-2026-62224
No data.
No data.
No data.
OpenCVE Enrichment
No data.