Medium severity (score 4.3) · NVD Advisory · Published Mar 31, 2026 · Updated Apr 1, 2026
CVE-2026-34506
Description
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesizes wildcard sender authorization, permitting any sender in the matched team/channel to trigger replies in allowlisted Teams routes.
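The mechanism above can be seen in a few lines. The block below is an added example written for this page, not OpenClaw's code: it models the group-sender authorization step with a pre-fix branch (which replaces an empty `groupAllowFrom` with `["*"]` whenever a team/channel route allowlist is configured) beside the fixed branch (which passes the sender allowlist through unchanged), plus a small operator check that flags the configuration shape affected on unpatched versions. The type and function names (`GroupAuthzConfig`, `decideGroupSender`, `configWidensSenderAuth`, `routeMatches`) and the sample ids are assumptions; only the config keys `groupPolicy`, `groupAllowFrom` and `teams`, and the `"*"` wildcard, come from the advisory and the fix commit.

```typescript
// Added example, not OpenClaw's code: a simplified model of the group-sender
// authorization step described in CVE-2026-34506. The type and function names
// here (GroupAuthzConfig, decideGroupSender, configWidensSenderAuth, ...) are
// hypothetical; only the config keys groupPolicy / groupAllowFrom / teams and
// the "*" wildcard mirror the advisory and the fix commit.

type GroupPolicy = "allowlist" | "open";

interface GroupAuthzConfig {
  groupPolicy: GroupPolicy;
  // Sender ids permitted to talk to the bot in team/channel conversations.
  groupAllowFrom: string[];
  // Route allowlist: which teams and channels the bot handles at all.
  teams?: Record<string, { channels: Record<string, unknown> }>;
}

interface IncomingGroupMessage {
  senderId: string;
  teamId: string;
  conversationId: string;
}

// A route allowlist counts as configured when any team entry exists.
function routeAllowlistConfigured(cfg: GroupAuthzConfig): boolean {
  return Object.keys(cfg.teams ?? {}).length > 0;
}

// Does the message land in an allowlisted team/channel?
function routeMatches(cfg: GroupAuthzConfig, msg: IncomingGroupMessage): boolean {
  const channels = cfg.teams?.[msg.teamId]?.channels;
  return channels !== undefined && msg.conversationId in channels;
}

// Sender allowlist match, honouring the "*" wildcard the pre-fix code synthesized.
function senderAllowed(senderId: string, allowFrom: string[]): boolean {
  return allowFrom.includes("*") || allowFrom.includes(senderId);
}

// `vulnerable: true` reproduces the pre-2026.3.8 branch; `false` the fixed one.
function decideGroupSender(
  cfg: GroupAuthzConfig,
  msg: IncomingGroupMessage,
  opts: { vulnerable: boolean },
): "allow" | "deny" {
  // Route gate: when a route allowlist exists, unmatched conversations are dropped.
  if (routeAllowlistConfigured(cfg) && !routeMatches(cfg, msg)) return "deny";
  if (cfg.groupPolicy === "open") return "allow";
  // Pre-fix: an empty groupAllowFrom next to a configured route allowlist was
  // replaced with ["*"], so the route match alone authorized every sender.
  const effective =
    opts.vulnerable && cfg.groupAllowFrom.length === 0 && routeAllowlistConfigured(cfg)
      ? ["*"]
      : cfg.groupAllowFrom;
  return senderAllowed(msg.senderId, effective) ? "allow" : "deny";
}

// Operator check for unpatched deployments: flags the config shape that triggers the bypass.
function configWidensSenderAuth(cfg: GroupAuthzConfig): boolean {
  return (
    cfg.groupPolicy === "allowlist" &&
    cfg.groupAllowFrom.length === 0 &&
    routeAllowlistConfigured(cfg)
  );
}

// Constructed sample: the config shape and sender from the fix commit's regression test.
const routeOnlyConfig: GroupAuthzConfig = {
  groupPolicy: "allowlist",
  groupAllowFrom: [],
  teams: { team123: { channels: { "19:group@thread.tacv2": {} } } },
};

const unknownSender: IncomingGroupMessage = {
  senderId: "attacker-aad",
  teamId: "team123",
  conversationId: "19:group@thread.tacv2",
};

function runScenarios() {
  const withSenderList: GroupAuthzConfig = { ...routeOnlyConfig, groupAllowFrom: ["alice-aad"] };
  const noRoutes: GroupAuthzConfig = { groupPolicy: "allowlist", groupAllowFrom: [] };
  const alice: IncomingGroupMessage = { ...unknownSender, senderId: "alice-aad" };
  return {
    routeOnlyBefore: decideGroupSender(routeOnlyConfig, unknownSender, { vulnerable: true }),
    routeOnlyAfter: decideGroupSender(routeOnlyConfig, unknownSender, { vulnerable: false }),
    listedSenderAfter: decideGroupSender(withSenderList, alice, { vulnerable: false }),
    unlistedSenderAfter: decideGroupSender(withSenderList, unknownSender, { vulnerable: false }),
    noRoutesBefore: decideGroupSender(noRoutes, unknownSender, { vulnerable: true }),
    riskyShape: configWidensSenderAuth(routeOnlyConfig),
    safeShape: configWidensSenderAuth(withSenderList),
  };
}

console.log(runScenarios());
```

The `noRoutesBefore` scenario shows why the bug was specific to route allowlists: with no `teams` entry the pre-fix code also left an empty `groupAllowFrom` alone, so only deployments that combined `groupPolicy: "allowlist"`, an empty sender list and a team/channel allowlist were exposed. `configWidensSenderAuth` is the check an operator of a pre-2026.3.8 install can run over their config to find that shape.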
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.3.8 | 2026.3.8 |
Patches
88aee9161e0e fix(msteams): enforce sender allowlists with route allowlists
3 files changed · +69 −15
CHANGELOG.md+1 −0 modified@@ -7,6 +7,7 @@ Docs: https://docs.openclaw.ai ### Fixes - Browser/SSRF: block private-network intermediate redirect hops in strict browser navigation flows and fail closed when remote tab-open paths cannot inspect redirect chains. Thanks @zpbrent. +- MS Teams/authz: keep `groupPolicy: "allowlist"` enforcing sender allowlists even when a team/channel route allowlist is configured, so route matches no longer widen group access to every sender in that route. Thanks @zpbrent. ## 2026.3.8
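Review bot: the new bullet is inserted in the section that precedes the `## 2026.3.8` header, so it is attributed to whatever section sits above that release (an unreleased or later-version section) rather than to 2026.3.8 itself; since the advisory names 2026.3.8 as the patched version, confirm the placement is intended or move the entry under the `## 2026.3.8` header.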
extensions/msteams/src/monitor-handler/message-handler.authz.test.ts+67 −11 modified@@ -5,7 +5,7 @@ import { setMSTeamsRuntime } from "../runtime.js"; import { createMSTeamsMessageHandler } from "./message-handler.js"; describe("msteams monitor handler authz", () => { - it("does not treat DM pairing-store entries as group allowlist entries", async () => { + function createDeps(cfg: OpenClawConfig) { const readAllowFromStore = vi.fn(async () => ["attacker-aad"]); setMSTeamsRuntime({ logging: { shouldLogVerbose: () => false }, @@ -35,16 +35,7 @@ describe("msteams monitor handler authz", () => { }; const deps: MSTeamsMessageHandlerDeps = { - cfg: { - channels: { - msteams: { - dmPolicy: "pairing", - allowFrom: [], - groupPolicy: "allowlist", - groupAllowFrom: [], - }, - }, - } as OpenClawConfig, + cfg, runtime: { error: vi.fn() } as unknown as RuntimeEnv, appId: "test-app", adapter: {} as MSTeamsMessageHandlerDeps["adapter"], @@ -65,6 +56,21 @@ describe("msteams monitor handler authz", () => { } as unknown as MSTeamsMessageHandlerDeps["log"], }; + return { conversationStore, deps, readAllowFromStore }; + } + + it("does not treat DM pairing-store entries as group allowlist entries", async () => { + const { conversationStore, deps, readAllowFromStore } = createDeps({ + channels: { + msteams: { + dmPolicy: "pairing", + allowFrom: [], + groupPolicy: "allowlist", + groupAllowFrom: [], + }, + }, + } as OpenClawConfig); + const handler = createMSTeamsMessageHandler(deps); await handler({ activity: { 
@@ -96,4 +102,54 @@ describe("msteams monitor handler authz", () => { }); expect(conversationStore.upsert).not.toHaveBeenCalled(); }); + + it("does not widen sender auth when only a teams route allowlist is configured", async () => { + const { conversationStore, deps } = createDeps({ + channels: { + msteams: { + dmPolicy: "pairing", + allowFrom: [], + groupPolicy: "allowlist", + groupAllowFrom: [], + teams: { + team123: { + channels: { + "19:group@thread.tacv2": { requireMention: false }, + }, + }, + }, + }, + }, + } as OpenClawConfig); + + const handler = createMSTeamsMessageHandler(deps); + await handler({ + activity: { + id: "msg-1", + type: "message", + text: "hello", + from: { + id: "attacker-id", + aadObjectId: "attacker-aad", + name: "Attacker", + }, + recipient: { + id: "bot-id", + name: "Bot", + }, + conversation: { + id: "19:group@thread.tacv2", + conversationType: "groupChat", + }, + channelData: { + team: { id: "team123", name: "Team 123" }, + channel: { name: "General" }, + }, + attachments: [], + }, + sendActivity: vi.fn(async () => undefined), + } as unknown as Parameters<typeof handler>[0]); + + expect(conversationStore.upsert).not.toHaveBeenCalled(); + }); });
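Review bot: the new test "does not widen sender auth when only a teams route allowlist is configured" asserts only `expect(conversationStore.upsert).not.toHaveBeenCalled()`; the advisory's impact is that an unauthorized sender can trigger replies, so hoist `sendActivity: vi.fn(async () => undefined)` into a const and also assert it was not called. A positive counterpart with the same `teams` route allowlist but a non-empty `groupAllowFrom` containing the sender's id, expecting `upsert` to be called, would guard against the fix over-tightening to deny every group sender.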
extensions/msteams/src/monitor-handler/message-handler.ts+1 −4 modified@@ -242,10 +242,7 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) { } const senderGroupAccess = evaluateSenderGroupAccessForPolicy({ groupPolicy, - groupAllowFrom: - effectiveGroupAllowFrom.length > 0 || !channelGate.allowlistConfigured - ? effectiveGroupAllowFrom - : ["*"], + groupAllowFrom: effectiveGroupAllowFrom, senderId, isSenderAllowed: (_senderId, allowFrom) => resolveMSTeamsAllowlistMatch({
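Review bot: dropping the `["*"]` synthesis means that under `groupPolicy: "allowlist"` an empty `effectiveGroupAllowFrom` now denies every group sender even in allowlisted routes, which is the intended fail-closed behaviour; a one-line comment at this call site stating that a route allowlist only selects which conversations are handled and never stands in for a sender allowlist would keep a later refactor from reintroducing the shortcut. Also check whether `channelGate.allowlistConfigured` is still read elsewhere in `createMSTeamsMessageHandler` now that this was its consumer here, so no unused binding is left behind.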
References
- github.com/openclaw/openclaw/commit/88aee9161e0e6d32e810a25711e32a808a1777b2 (NVD: Patch)
- github.com/advisories/GHSA-g7cr-9h7q-4qxq (GHSA: Advisory)
- github.com/openclaw/openclaw/security/advisories/GHSA-g7cr-9h7q-4qxq (NVD: Vendor Advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-34506 (GHSA: Advisory)
- www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-in-microsoft-teams-plugin-via-route-allowlist-configuration (NVD: Third Party Advisory)