GHSA-7vwx-582j-j332: OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains

February 17, 2026

NOTE: This only affects deployments that enable the optional MS Teams extension (Teams channel). If you do not use MS Teams, you are not impacted.

When OpenClaw downloads inbound MS Teams attachments / inline images, it may retry a URL with an Authorization: Bearer <token> header after receiving 401 or 403.

Because the default download allowlist uses suffix matching (and includes some multi-tenant suffix domains), a message that references an untrusted but allowlisted host could cause that bearer token to be sent to the wrong place.

References

github.com/advisories/GHSA-7vwx-582j-j332
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/41cc5bcd4f1d434ad1bbdfa55b56f25025ecbf6b
github.com/openclaw/openclaw/releases/tag/v2026.2.1
github.com/openclaw/openclaw/security/advisories/GHSA-7vwx-582j-j332

Code Behaviors & Features

Detect and mitigate GHSA-7vwx-582j-j332 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →