CVE-2026-32974: OpenClaw Auth Bypass — Patch Guide
Summary: OpenClaw before 2026.3.12 contains a high-severity authentication bypass in its Feishu webhook integration. When the integration is configured with a verificationToken only and no encryptKey, an unauthenticated attacker who can reach the endpoint can forge Feishu webhook events that trigger downstream tools and workflows, exposing data or disrupting automation. Fix: upgrade to version 2026.3.12 or later and configure both a verificationToken and an encryptKey.
Vendor-confirmed: CVE-2026-32974 is a high-severity authentication bypass in OpenClaw versions prior to 2026.3.12 that lets unauthenticated attackers forge Feishu webhook events and trigger unauthorized actions in downstream workflows. Update to version 2026.3.12 or later to secure your instance.
Overview
A security vulnerability, tracked as CVE-2026-32974, has been identified in OpenClaw, a tool used for integrating and automating workflows. The flaw is an authentication bypass affecting versions prior to 2026.3.12 when the Feishu webhook integration is configured with a verificationToken but no encryptKey.
Vulnerability Details
In simple terms, this vulnerability exists in OpenClaw’s “Feishu webhook” integration feature. A webhook is a way for one application to send automated messages or data to another. OpenClaw can be configured to listen for these messages from Feishu (a collaboration platform).
The issue arises when OpenClaw's Feishu integration is configured with only a verificationToken and no encryptKey. In that incomplete configuration OpenClaw does not authenticate the origin of incoming requests, so an attacker can craft a forged Feishu event, POST it directly to the webhook endpoint, and have OpenClaw process it as though Feishu had sent it.
Potential Impact
Severity is high (CVSS score 8.6). Because the origin check is missing, any unauthenticated attacker with network access to the webhook endpoint can inject events that OpenClaw treats as legitimate.
The primary risk is that forged events trigger the downstream tools and automated processes wired to OpenClaw. Depending on what those tools do, that means unauthorized data access, manipulation of connected systems, or disruption of automated business workflows, and a forged event can serve as the initial foothold for a larger incident.
Remediation and Mitigation
The solution is straightforward and must be applied promptly.
Immediate Action:
- Update OpenClaw: All users must upgrade to OpenClaw version 2026.3.12 or later. This version contains the fix for the authentication logic.
- Verify Configuration: After updating, ensure your Feishu webhook configuration in OpenClaw uses both a verificationToken and an encryptKey as intended by the vendor. Using both parameters together is essential for proper security.
Temporary Mitigation (if update is delayed): If you cannot update immediately, restrict network access to the OpenClaw webhook endpoint. Use firewall rules to allow connections to the listening port only from Feishu's officially published IP ranges. Apply the restriction at whatever edge actually terminates the connection (a reverse proxy, load balancer or tunnel in front of OpenClaw will otherwise present its own address), and keep the allow-list in sync with Feishu's published ranges. This reduces the attack surface but does not fix the missing origin check, so it is not a substitute for the update.
Keep automation and integration tools such as OpenClaw current with security patches, and review webhook integrations for configurations that rely on a shared token alone.
Related Advisories
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute...
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or c...
OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources...
OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protoc...
Other OpenClaw Vulnerabilities
OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrai...