top of page
perceptive_background_267k.jpg

OpenClaw versions 2026.1.30 and earlier, contain an information disclosure vulnerability, patched in 2026.2.1, in the MS Teams attachment downloader (optional e…

Published:

4 March 2026 at 23:00:00

Alert date:

5 March 2026 at 23:13:13

Source:

nvd.nist.gov

Click to open the original link from this advisory

Identity & Access, Email & Messaging

OpenClaw versions 2026.1.30 and earlier contain an information disclosure vulnerability in the MS Teams attachment downloader extension. The vulnerability allows bearer tokens to leak to allowlisted suffix domains when the application retries downloads after receiving 401 or 403 responses. The flaw sends Authorization bearer tokens to untrusted hosts that match a permissive suffix-based allowlist, enabling token theft. The vulnerability has been patched in version 2026.2.1 and requires the optional MS Teams extension to be enabled to be exploitable.

Technical details

Mitigation steps:

Affected products:

OpenClaw

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-28481
https://github.com/openclaw/openclaw/commit/41cc5bcd4f1d434ad1bbdfa55b56f25025ecbf6b
https://github.com/openclaw/openclaw/security/advisories/GHSA-7vwx-582j-j332
https://www.vulncheck.com/advisories/openclaw-bearer-token-leakage-via-ms-teams-attachment-downloader-suffix-matching

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page