CVE-2026-34509 | OpenClaw up to 2026.3.7 Microsoft Teams Plugin team/channel groupAllowFrom authorization (GHSA-g7cr-9h7q-4qxq)

A vulnerability, which was classified as problematic, was found in OpenClaw up to 2026.3.7. This affects an unknown part of the file team/channel of the component Microsoft Teams Plugin. Such manipulation of the argument groupAllowFrom leads to incorrect authorization.

This vulnerability is documented as CVE-2026-34509. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More