CVE-2026-62188
OpenClaw · feishu
The @openclaw/feishu package contains an incorrect authorization vulnerability that allows authenticated users to perform unauthorized actions.
Executive summary
An incorrect authorization flaw in the OpenClaw feishu package allows authenticated attackers to bypass security controls, posing a high risk to data integrity.
Vulnerability
This vulnerability is categorized as CWE-863 (Incorrect Authorization). It permits an authenticated user with low privileges to perform unauthorized actions, potentially leading to unauthorized data modification or access.
Business impact
Successful exploitation of this vulnerability could lead to significant data compromise or unauthorized administrative actions within the application. Given the CVSS score of 8.1, this represents a high-severity risk that could undermine the integrity and confidentiality of business processes supported by the feishu component.
Remediation
Immediate Action: Update the @openclaw/feishu package to version 2026.6.9 or later.
Proactive Monitoring: Monitor application logs for unusual API calls or unauthorized attempts to access restricted functions by standard user accounts.
Compensating Controls: Implement strict role-based access control (RBAC) and review existing user permissions to ensure the principle of least privilege is enforced until the patch is applied.
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability presents a high risk to organizational security due to the potential for unauthorized data manipulation. Security teams should prioritize updating the feishu package to version 2026.6.9 immediately to remediate the authorization bypass and prevent potential exploitation.