Advisories

OpenClaw < 2026.5.28 Authentication Bypass via safeFetch

Go Back
severity
high
date
Affecting
  • OpenClaw >= 0, < 2026.5.28

CWE
  • CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
CVSS
5.1
CVSS V4 Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
Credit
Chinmohan Nayak (@nayakchinmohan)
Description
OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should have required a stronger authorization or policy check. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.
  • Vulnerability Prioritization
    Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
  • Early Warning System
    Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.