CVE-2026-34509
OpenClaw CVE-2026-34509 affects the Microsoft Teams plugin prior to version 2026.3.8. The vulnerability is a sender allowlist bypass: if a team/channel route allowlist uses an empty groupAllowFrom parameter, the message handler synthesizes wildcard sender authorization, allowing any sender within...