PT-2026-25466 · Npm · Openclaw
Published
2026-03-03
·
Updated
2026-03-03
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Summary
In
openclaw MS Teams file-consent flow, pending uploads were authorized by uploadId alone. fileConsent/invoke did not verify the invoke conversation against the conversation that created the pending upload.Impact
An attacker who obtained a valid
uploadId within TTL could trigger cross-conversation upload completion (accept path) or cancel a victim pending upload (decline path).Technical Details
- Pending uploads stored
conversationId, but invoke handling consumed byuploadIdonly. - The invoke path did not enforce conversation binding before
uploadToConsentUrl(...)and pending-upload removal. - Fix binds accept/decline handling to normalized conversation id match before consuming pending upload state.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published npm version (as of February 26, 2026):
2026.2.24 - Vulnerable range:
<= 2026.2.24 - Patched in release:
2026.2.25
Remediation
Upgrade to
openclaw 2026.2.25 (or later) once published.Fix Commit(s)
347f7b9550064f5f5b33c6e07f64e85b9657b6f1
Release Process Note
patched versions is pre-set to the release (2026.2.25). Advisory published with npm release 2026.2.25.OpenClaw thanks @tdjackey for reporting.
Fix
Missing Authorization
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openclaw