PT-2026-35553 · Openclaw · Openclaw
Antaisecuritylab · Published 2026-04-27 · Updated 2026-04-28 · CVE-2026-41365
CVSS v3.1: 5.4 (Medium) | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw