Perceptive Security
SOC/SIEM Consultancy

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversati…
Published:
28 March 2026 at 23:00:00
Alert date:
29 March 2026 at 14:05:43
Source:
nvd.nist.gov
Identity & Access, Email & Messaging
OpenClaw versions before 2026.3.12 contain an authorization bypass vulnerability affecting Feishu reaction events. When the chat_type parameter is omitted from such an event, the system misclassifies a group chat event as a peer-to-peer conversation. Because the groupAllowFrom and requireMention controls are only applied to group chats, this misclassification lets an attacker bypass both of them. The vulnerability specifically affects reaction-derived events within the Feishu messaging platform integration. Organizations running affected OpenClaw versions should upgrade immediately to prevent unauthorized access to group chat functionality.
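As an added illustration (not OpenClaw's own code; the helper names, the mentions field, the policy object and the sample event are assumptions), the fail-open classification the advisory describes beside a fail-closed alternative that treats a missing chat_type as a group event:

```python
from dataclasses import dataclass, field

@dataclass
class GroupPolicy:
    # Hypothetical stand-ins for the groupAllowFrom / requireMention controls.
    group_allow_from: set[str] = field(default_factory=set)
    require_mention: bool = True

def is_p2p_vulnerable(event: dict) -> bool:
    # Fail-open: anything not explicitly "group" is treated as p2p, so an
    # event with chat_type omitted skips every group-chat check.
    return event.get("chat_type") != "group"

def is_p2p_hardened(event: dict) -> bool:
    # Fail-closed: only an explicit "p2p" chat_type earns p2p treatment;
    # an absent or unknown value falls through to the group controls.
    return event.get("chat_type") == "p2p"

def should_handle(event: dict, policy: GroupPolicy, bot_id: str, classify) -> bool:
    if classify(event):
        return True  # direct messages are not subject to group controls
    sender = event.get("sender_id", "")
    if policy.group_allow_from and sender not in policy.group_allow_from:
        return False  # groupAllowFrom: sender is not on the allow list
    if policy.require_mention and bot_id not in event.get("mentions", []):
        return False  # requireMention: bot was not mentioned
    return True

# Constructed sample: a reaction-derived event with chat_type omitted,
# from a sender who is not on the allow list and did not mention the bot.
REACTION_NO_CHAT_TYPE = {"type": "reaction", "sender_id": "ou_unlisted", "mentions": []}
POLICY = GroupPolicy(group_allow_from={"ou_alice"}, require_mention=True)

def vulnerable_decision() -> bool:
    return should_handle(REACTION_NO_CHAT_TYPE, POLICY, "bot", is_p2p_vulnerable)

def hardened_decision() -> bool:
    return should_handle(REACTION_NO_CHAT_TYPE, POLICY, "bot", is_p2p_hardened)
```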
Mitigation steps:
Upgrade to OpenClaw 2026.3.12 or later.
Affected products:
OpenClaw
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-32924
https://github.com/openclaw/openclaw/security/advisories/GHSA-m69h-jm2f-2pv8
https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-misclassified-reaction-events-in-feishu
This article was created with the assistance of AI technology by Perceptive.
