5 matches found
CVE-2026-49139 Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
EUVD-2026-17395
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesiz...
EUVD-2026-17391
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesiz...
CVE-2025-38678

creationtimestamp| type| source
---|---|---
2025-11-24 15:00:07+00:00| published-proof-of-concept| Telegram/5Go4y9Sp59a8HRsoMaTj0X-e6nFTkvRgJdqk6vUB2AgWKv0
2025-11-27 07:58:22+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/60913...

GHSA-4CX5-89VM-833X

creationtimestamp| type| source
---|---|---
2024-11-30 06:58:11+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/9255...