PT-2026-28452 · Openclaw · Openclaw

Peng Zhou · Published 2026-03-29 · Updated 2026-03-30 · CVE-2026-32924

CVSS v3.1: 9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.12
Description: OpenClaw contains an authorization bypass (incorrect authorization) issue in its Feishu integration. Feishu reaction events that carry no chat type information are classified as direct (p2p) conversations instead of group chats. Because the groupAllowFrom sender allowlist and the requireMention requirement are only enforced for group chats, a reaction event that actually originates in a group chat is handled as if it came from a direct conversation, and both safeguards are skipped. An attacker who can add a reaction in a group chat can therefore trigger reaction-derived actions without being on the group allowlist and without mentioning the bot, potentially leading to unauthorized access or actions.
Recommendations: OpenClaw versions prior to 2026.3.12 should be updated to version 2026.3.12 or later.
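To make the classification fault concrete, the following TypeScript is an added illustration written for this page; it is not OpenClaw's code and does not reproduce the project's actual patch. The field names (chatId, senderId, chatType, mentionsBot), the policy shape and the sample events are assumptions constructed for the example. It places the vulnerable classifier, which treats a missing chat type as p2p, beside a fail-closed variant, which treats anything other than an explicit p2p as a group chat, and runs both through the same groupAllowFrom/requireMention gate.

```typescript
// Added example for this advisory: a toy model of the misclassification described above.
// It is NOT OpenClaw's code. Field names (chatId, senderId, chatType, mentionsBot),
// the policy shape and the sample events are assumptions constructed for illustration.

type ChatType = "p2p" | "group";

// A reaction-derived event as the gate sees it. chatType is a plain string because it
// arrives in untrusted JSON and may be absent, empty or carry an unexpected value.
interface ReactionEvent {
  chatId: string;
  senderId: string;
  chatType?: string;
  mentionsBot: boolean; // assumed: whether the reacted-to message addressed the bot
}

interface GroupPolicy {
  groupAllowFrom: string[]; // senders permitted to trigger the bot in group chats
  requireMention: boolean;  // in group chats, only act when the bot was mentioned
}

// Vulnerable classification: anything that is not explicitly "group" becomes "p2p",
// so an event with no chat type is treated as a direct conversation.
function classifyVulnerable(ev: ReactionEvent): ChatType {
  return ev.chatType === "group" ? "group" : "p2p";
}

// Fail-closed classification: only an explicit "p2p" relaxes the gates; a missing,
// empty or unknown chat type is handled under the stricter group rules.
function classifyHardened(ev: ReactionEvent): ChatType {
  return ev.chatType === "p2p" ? "p2p" : "group";
}

// The authorization gate. The classifier decides whether the group-only checks run,
// which is exactly where the two variants diverge.
function isAuthorized(
  ev: ReactionEvent,
  policy: GroupPolicy,
  classify: (e: ReactionEvent) => ChatType,
): boolean {
  if (classify(ev) === "p2p") {
    return true; // direct chats: groupAllowFrom and requireMention do not apply
  }
  if (!policy.groupAllowFrom.includes(ev.senderId)) {
    return false; // group chat, sender not on the allowlist
  }
  if (policy.requireMention && !ev.mentionsBot) {
    return false; // group chat, bot was not mentioned
  }
  return true;
}

// Constructed policy and events (not captured from any real deployment).
const policy: GroupPolicy = { groupAllowFrom: ["ou_admin"], requireMention: true };

// A reaction from a non-allowlisted member of a group chat, with no chat type on the event.
const untypedGroupReaction: ReactionEvent = {
  chatId: "oc_group_1",
  senderId: "ou_stranger",
  mentionsBot: false,
};

// The same reaction with the chat type present.
const typedGroupReaction: ReactionEvent = { ...untypedGroupReaction, chatType: "group" };

// A legitimate group reaction: allowlisted sender, bot mentioned.
const legitimateGroupReaction: ReactionEvent = {
  chatId: "oc_group_1",
  senderId: "ou_admin",
  chatType: "group",
  mentionsBot: true,
};

// Evaluate the same events under both classifiers.
function compare() {
  return {
    vulnerableUntyped: isAuthorized(untypedGroupReaction, policy, classifyVulnerable),
    hardenedUntyped: isAuthorized(untypedGroupReaction, policy, classifyHardened),
    vulnerableTyped: isAuthorized(typedGroupReaction, policy, classifyVulnerable),
    hardenedLegitimate: isAuthorized(legitimateGroupReaction, policy, classifyHardened),
  };
}

console.log(compare());
```

Run it with `npx tsx` or `ts-node`. The untyped group reaction passes the vulnerable gate and is denied by the fail-closed one, while the same event with its chat type present is denied by both, which is the whole bug in one comparison. Failing closed to group rules is one defensive choice and it costs false denials for genuinely direct reactions that lack a chat type; resolving the chat type from the chat identifier before evaluating the gates is the alternative. Either way, only a positive p2p signal should ever relax the group safeguards.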

Fix

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2026-32924

Affected Products: Openclaw