External risk intelligence

OpenClaw can be taken over by attackers, allowing them to run any command.

CVE advisory

Severity: CRITICAL (CVSS 9.2)

CVE-2026-44109

OpenClaw systems have a critical flaw allowing attackers to run any command by bypassing security checks, potentially impacting Feishu integrations.

Halo Surface Signal score: 5

Weakness: Authentication Bypass

Product: OpenClaw

Affected versions: before 2026.4.15

External exposure likelihood

Halo Surface Signal score for CVE-2026-44109

The vulnerability exists within webhook and card-action endpoints, which are designed to receive external traffic from integration services like Feishu. These interfaces must be internet-accessible to function correctly, establishing them as public-facing services by design.

PCI scan relevance

PCI Relevance for CVE-2026-44109

Yes

CVE-2026-44109 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability allows unauthenticated requests to bypass signature verification and execute arbitrary commands, which could lead to a PCI ASV scan failure due to potential for remote code execution.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in OpenClaw allows unauthenticated requests to execute arbitrary commands by bypassing signature verification. It occurs when Feishu webhook and card-action validation fail to properly check for missing configuration or empty tokens.

  • Commands can be executed remotely.
  • Integration services are a potential target.
  • Existing access can be exploited.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this flaw by sending unauthenticated requests to the Feishu webhook or card-action endpoints. If the instance is misconfigured with a missing encryptKey or a blank callback token, these requests will bypass signature verification and replay protection. This allows the attacker to execute arbitrary commands on the affected system.

  • Target Feishu webhook/card-action endpoints.
  • Exploit misconfigurations in encryptKey/callback token.
  • Bypass signature verification and replay protection.
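As an added illustration (not OpenClaw's code and not taken from the advisory), the fail-open pattern the attack path describes beside a fail-closed verifier, written in Python. It assumes the Feishu/Lark event signing scheme (a SHA-256 digest over timestamp, nonce, encrypt key and raw body carried in the X-Lark-* headers, plus a verification token in the JSON body); the config field names, request objects and payloads are constructed for the example.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional

# Added example, not OpenClaw's code. Assumed Feishu-style scheme:
#   X-Lark-Signature = sha256(timestamp + nonce + encrypt_key + raw_body).hexdigest()
# plus a verification token carried in the JSON body. Field names are constructed.

@dataclass
class FeishuConfig:
    encrypt_key: Optional[str] = None   # the page's "encryptKey"; None models a missing key
    verification_token: str = ""        # callback token; "" models the blank-token misconfiguration

@dataclass
class Request:
    headers: dict
    body: bytes

def feishu_signature(timestamp: str, nonce: str, encrypt_key: str, body: bytes) -> str:
    """Signature the platform would attach; used here only to build a legitimate request."""
    return hashlib.sha256((timestamp + nonce + encrypt_key).encode() + body).hexdigest()

def verify_vulnerable(cfg: FeishuConfig, req: Request) -> bool:
    """Fail-open shape the advisory describes: no key -> signature check skipped;
    blank token -> the comparison degenerates to "" == "" and passes for any body."""
    if cfg.encrypt_key:
        ts = req.headers.get("X-Lark-Request-Timestamp", "")
        nonce = req.headers.get("X-Lark-Request-Nonce", "")
        if req.headers.get("X-Lark-Signature") != feishu_signature(ts, nonce, cfg.encrypt_key, req.body):
            return False
    payload = json.loads(req.body or b"{}")
    return payload.get("token", "") == cfg.verification_token   # "" == "" -> True

class HardenedVerifier:
    """Fail closed: refuse blank secrets at startup, require every header, bound the
    timestamp, reject a repeated (timestamp, nonce), compare digests in constant time."""
    MAX_SKEW_SECONDS = 300

    def __init__(self, cfg: FeishuConfig, now=time.time):
        if not cfg.encrypt_key or not cfg.verification_token.strip():
            raise ValueError("Feishu encryptKey and verification token must both be set")
        self.cfg, self.now = cfg, now
        self._seen = set()   # (timestamp, nonce) pairs already accepted inside the skew window

    def verify(self, req: Request) -> bool:
        ts = req.headers.get("X-Lark-Request-Timestamp")
        nonce = req.headers.get("X-Lark-Request-Nonce")
        sig = req.headers.get("X-Lark-Signature")
        if not (ts and nonce and sig):
            return False                                   # unsigned request
        try:
            if abs(self.now() - int(ts)) > self.MAX_SKEW_SECONDS:
                return False                               # outside the replay window
            payload = json.loads(req.body)
        except ValueError:                                 # bad timestamp or malformed JSON
            return False
        if not isinstance(payload, dict) or (ts, nonce) in self._seen:
            return False                                   # wrong shape, or exact replay
        expected = feishu_signature(ts, nonce, self.cfg.encrypt_key, req.body)
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return False
        token = payload.get("token")
        if not isinstance(token, str) or not hmac.compare_digest(
                token.encode(), self.cfg.verification_token.encode()):
            return False
        self._seen.add((ts, nonce))
        return True

def demo() -> dict:
    """Forged unsigned request against each verifier, then a legitimate request and its replay."""
    forged = Request(headers={}, body=b'{"action": {"value": {"command": "id"}}}')  # constructed payload
    blank = FeishuConfig(encrypt_key=None, verification_token="")
    good = FeishuConfig(encrypt_key="k" * 32, verification_token="t" * 32)
    out = {"forged_vs_vulnerable_blank_cfg": verify_vulnerable(blank, forged),
           "forged_vs_vulnerable_good_cfg": verify_vulnerable(good, forged)}
    try:
        HardenedVerifier(blank)
        out["hardened_starts_with_blank_cfg"] = True
    except ValueError:
        out["hardened_starts_with_blank_cfg"] = False
    now = 1_776_000_000                                    # fixed clock keeps the example deterministic
    hv = HardenedVerifier(good, now=lambda: now)
    out["forged_vs_hardened"] = hv.verify(forged)
    body = json.dumps({"token": good.verification_token, "event": {"type": "message"}}).encode()
    ts, nonce = str(now), "nonce-1"
    legit = Request(headers={"X-Lark-Request-Timestamp": ts, "X-Lark-Request-Nonce": nonce,
                             "X-Lark-Signature": feishu_signature(ts, nonce, good.encrypt_key, body)},
                    body=body)
    out["legit_vs_hardened"] = hv.verify(legit)
    out["replay_vs_hardened"] = hv.verify(legit)           # same timestamp and nonce again
    return out
```

Running demo() shows the two halves of the bug: with a missing key and blank token the vulnerable verifier accepts an unsigned, tokenless request, while with real secrets configured it rejects the same request, which is why the page notes that properly configured instances do not trigger the bug. The hardened verifier refuses to start in the blank state at all, so the misconfiguration becomes a deployment error instead of an open door, and the timestamp window plus nonce cache give the replay protection the attack path says is bypassed.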

Live Threat

Current exploitation, exposure, and threat context

This authentication bypass vulnerability in OpenClaw's Feishu integration allows unauthenticated attackers to execute arbitrary commands by exploiting misconfigurations like missing encryption keys and blank callback tokens. Attackers will likely target this because it provides a direct path to command execution on affected systems with minimal prerequisites.

  • Exploits missing encryption keys.
  • Exploits blank callback tokens.
  • Allows arbitrary command execution.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize blocking unauthenticated requests to Feishu webhook and card-action endpoints immediately, as this critical vulnerability allows arbitrary command execution. Investigate logs for any signs of exploitation and inventory all affected OpenClaw services to assess potential exposure. If OpenClaw has not been patched to version 2026.4.15 or later, consider taking affected services offline or isolating them to prevent further compromise.

  • Block unauthenticated webhook traffic.
  • Inventory and isolate affected services.
  • Patch OpenClaw to 2026.4.15 or later.
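An added triage script for the inventory and log-review steps above, written in Python and not part of OpenClaw or of this advisory. It assumes a JSON config with a "feishu" section holding "encryptKey" and "verificationToken", the endpoint paths /feishu/webhook and /feishu/card-action, and combined-format access logs from a reverse proxy in front of the service; the config and the log lines are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Added example, not OpenClaw's tooling. Endpoint paths and config keys are assumptions.
FEISHU_PATHS = ("/feishu/webhook", "/feishu/card-action")

# nginx/Apache combined format: ip - user [time] "METHOD path HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def audit_feishu_config(config: dict) -> list:
    """Findings for the fail-open conditions the advisory names: missing encryptKey, blank token."""
    feishu = config.get("feishu")
    if not feishu:
        return ["feishu section missing: nothing to verify against"]
    findings = []
    if not feishu.get("encryptKey"):
        findings.append("encryptKey missing or empty: signature verification cannot be enforced")
    token = feishu.get("verificationToken")
    if token is None or token.strip() == "":
        findings.append('verificationToken blank: token comparison degenerates to "" == ""')
    return findings

def parse_line(line: str):
    """One combined-format line -> dict with an aware datetime and an int status, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def triage_logs(lines, window_start, window_end):
    """Accepted (2xx) POSTs to the Feishu endpoints inside the misconfigured window, by source IP.

    Each of these passed verification, but during the window passing proves nothing,
    so every one needs a second look; 4xx responses were rejected and are noise here.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["path"].split("?")[0] not in FEISHU_PATHS or not 200 <= rec["status"] < 300:
            continue
        if window_start <= rec["time"] <= window_end:
            hits.append(rec)
    return hits, Counter(h["ip"] for h in hits)

# Constructed inputs: a config in the blank state and a short access log around the window.
SAMPLE_CONFIG = {"feishu": {"encryptKey": "", "verificationToken": "   "}}
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Apr/2026:10:01:12 +0000] "POST /feishu/card-action HTTP/1.1" 200 52 "-" "curl/8.5.0"',
    '203.0.113.7 - - [14/Apr/2026:10:01:15 +0000] "POST /feishu/card-action HTTP/1.1" 200 52 "-" "curl/8.5.0"',
    '198.51.100.20 - - [14/Apr/2026:10:02:00 +0000] "POST /feishu/webhook HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [14/Apr/2026:10:02:30 +0000] "GET /health HTTP/1.1" 200 2 "-" "kube-probe/1.29"',
    '203.0.113.7 - - [14/Apr/2026:11:30:00 +0000] "POST /feishu/webhook HTTP/1.1" 401 0 "-" "curl/8.5.0"',
    '203.0.113.7 - - [14/Apr/2026:13:00:00 +0000] "POST /feishu/webhook HTTP/1.1" 200 17 "-" "curl/8.5.0"',
]

def demo():
    """Audit the constructed config, then triage the constructed log over a 12-hour window."""
    findings = audit_feishu_config(SAMPLE_CONFIG)
    start = datetime(2026, 4, 14, 0, 0, tzinfo=timezone.utc)
    end = datetime(2026, 4, 14, 12, 0, tzinfo=timezone.utc)
    hits, by_ip = triage_logs(SAMPLE_LOG, start, end)
    return findings, hits, by_ip

if __name__ == "__main__":
    findings, hits, by_ip = demo()
    print("config findings:", findings)
    for h in hits:
        print(h["time"].isoformat(), h["ip"], h["path"], h["status"])
    print("by source:", dict(by_ip))
```

The audit tells you which instances were in the fail-open state; the log pass then lists what those instances accepted while in it. On the constructed log the health check, the 401 and the request after the window drop out, leaving three accepted POSTs from two sources to review against what Feishu itself should have sent. Pair the window with your own change history (when the blank config was deployed, when the instance was patched or isolated) rather than guessing it.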

Frequently asked questions

What is OpenClaw and what is it used for?

OpenClaw is software that integrates with services like Feishu, in particular by handling webhook and card-action callbacks. These integrations let other applications send automated notifications to OpenClaw or trigger actions within it.

What is the weakness in CVE-2026-44109?

CVE-2026-44109 is an authentication bypass vulnerability, classified as CWE-1188 (Initialization of a Resource with an Insecure Default). It allows unauthenticated attackers to execute arbitrary commands by exploiting how OpenClaw validates requests from Feishu webhooks and card-action features.

How can an attacker exploit this OpenClaw vulnerability?

An attacker can exploit this by sending unauthenticated requests to the Feishu webhook or card-action endpoints. If the OpenClaw instance is misconfigured with a missing encryptKey or an empty callback token, these requests will bypass security checks, allowing command execution. Requests made with proper configuration will not trigger the bug.

Who should be concerned about this OpenClaw CVE?

Organizations running OpenClaw that integrates with Feishu should be concerned, especially if these integrations are internet-facing. The Halo Surface Signal indicates a very likely exposure because webhook and card-action endpoints are designed to accept external traffic.

What is the first step to address this CVE in OpenClaw?

The immediate first step is to ensure OpenClaw is updated to version 2026.4.15 or later. If an update is not immediately possible, consider blocking unauthenticated requests to the affected Feishu endpoints or isolating the OpenClaw services to prevent potential compromise.
