PT-2026-37027 · Openclaw+1 · Openclaw+1
Keensecuritylab +1 · Published 2026-04-17 · Updated 2026-05-05 · CVE-2026-43572
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions 2026.4.10 through 2026.4.13
Description
The Microsoft Teams SSO invoke handler fails to apply sender allowlist checks. Attackers can bypass sender authorization by sending SSO invoke requests, which are processed without proper validation, leading to unauthorized access to Teams SSO sign-in functionality.
Recommendations
Update to version 2026.4.14 or newer.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Teams
Openclaw