CVE-2026-62188

OpenClaw · feishu

The @openclaw/feishu package contains an incorrect authorization vulnerability that allows authenticated users to perform unauthorized actions.

Executive summary

An incorrect authorization flaw in the OpenClaw feishu package allows authenticated attackers to bypass security controls, posing a high risk to data integrity.

Vulnerability

This vulnerability is categorized as CWE-863 (Incorrect Authorization). It permits an authenticated user with low privileges to perform unauthorized actions, potentially leading to unauthorized data modification or access.

Business impact

Successful exploitation of this vulnerability could lead to significant data compromise or unauthorized administrative actions within the application. Given the CVSS score of 8.1, this represents a high-severity risk that could undermine the integrity and confidentiality of business processes supported by the feishu component.

Remediation

Immediate Action: Update the @openclaw/feishu package to version 2026.6.9 or later.

Proactive Monitoring: Monitor application logs for unusual API calls or unauthorized attempts to access restricted functions by standard user accounts.

Compensating Controls: Implement strict role-based access control (RBAC) and review existing user permissions to ensure the principle of least privilege is enforced until the patch is applied.

Exploitation status

Public Exploit Available: No

Analyst recommendation

This vulnerability presents a high risk to organizational security due to the potential for unauthorized data manipulation. Security teams should prioritize updating the feishu package to version 2026.6.9 immediately to remediate the authorization bypass and prevent potential exploitation.