PT-2026-39682 · Openclaw · Openclaw
Keensecuritylab +1 · Published 2026-05-11 · Updated 2026-05-11 · CVE-2026-44993
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.4.20
Description
A message classification issue exists in Feishu card-action callbacks where direct messages are incorrectly identified as group conversations. This allows attackers to bypass dmPolicy enforcement by triggering card-action flows within direct message conversations that should have been blocked by restrictive policies.
Recommendations
Update to version 2026.4.20.
Fix
Incomplete List of Disallowed Inputs
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw