CVE-2026-62224
Severity CVSS v4.0:
LOW
Type:
Unavailable / Other
Publication date:
17/07/2026
Last modified:
17/07/2026
Description
OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mutable display names. Attackers with lower-trust access can perform actions requiring stronger authorization by exploiting the mutable display name binding in the affected feature.
Impact
Base Score 4.0
2.30
Severity 4.0
LOW
Base Score 3.x
5.40
Severity 3.x
MEDIUM



