2 matches found
CVE-2026-41365
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions...
GHSA-CHFM-XGC4-47RJ OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API
Summary MSTeams thread history bypasses sender allowlist via Graph API Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28 MS Teams because Graph-fetched thread history bypasses sender allowlists, with unreleased mainline filtering fix...