CVE-2026-28481

MEDIUM EPSS 17.2%
Published Mar 5, 20263mo ago · Modified Jun 17, 20261w ago
5.9 CVSS 4.0
Medium
Find Similar
Published Mar 5, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago

Description

OpenClaw versions 2026.1.30 and earlier, contain an information disclosure vulnerability, patched in 2026.2.1, in the MS Teams attachment downloader (optional extension must be enabled) that leaks bearer tokens to allowlisted suffix domains. When retrying downloads after receiving 401 or 403 responses, the application sends Authorization bearer tokens to untrusted hosts matching the permissive suffix-based allowlist, enabling token theft.

CVSS Details

Base Score
5.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction A
Scope X

Threat Intelligence

EPSS Exploit Probability
17.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-201

Affected Products 1

VendorProductVersionRange
openclawopenclaw* ≤2026.1.30

References 3

  • github.com https://github.com/openclaw/openclaw/commit/41cc5bcd4f1d434ad1bbdfa55b56f25025ecbf6b
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-7vwx-582j-j332
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-bearer-token-leakage-via-ms-teams-attachment-downloader-suffix-matching
    Third Party Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/41cc5bcd4f1d434ad1bbdfa55b56f25025ecbf6b
    Patch