Critical · CVSS 9.2 April 16, 2026 · VulnCheck / GitHub Advisory Database

OpenClaw Feishu Auth Bypass

Fail-open authentication in AI agent messaging channel lets unauthenticated traffic reach command dispatch

CVE-2026-44109 / GHSA-xh72-v6v9-mwhc affects the openclaw npm package before version 2026.4.15. Two fail-open validation paths in the Feishu webhook integration allow unauthenticated inbound requests to bypass signature verification and reach OpenClaw's agent command dispatch. Missing encryptKey configuration is treated as acceptable rather than rejected at startup, and malformed card-action callbacks with blank tokens pass into lifecycle handling without rejection. OpenClaw connects LLM reasoning to shell execution, filesystem access, browser automation, Docker containers, and messaging platforms — making a channel-authentication bypass a direct path to those execution surfaces.

CVEs: 1
CVSS v4.0: 9.2
Class: Auth Bypass
Fixed in: 2026.4.15

"Severity remains critical because affected webhook deployments expose a network-triggered path into OpenClaw command handling without the expected Feishu signature or replay protection."

— GitHub Advisory Database, GHSA-xh72-v6v9-mwhc


Primary sources: GitHub Advisory Database (GHSA-xh72-v6v9-mwhc), NVD (CVE-2026-44109), VulnCheck. Disclosed April 16, 2026; patched in openclaw 2026.4.15. This advisory is an independent defensive guide produced by Spectreworks AI for educational purposes only.