CVE-2026-62213

Summary

OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary.

Affected Software

VendorProductVersion RangeStatus
openclawmsteams0 < 2026.5.27affected
openclawmsteams2026.5.27unaffected

Weaknesses

  • CWE-522: Insufficiently Protected Credentials

References