OpenClaw Information Disclosure Vulnerability in MS Teams Attachment Downloader

Vulnerability

A vulnerability allowing information disclosure has been identified in OpenClaw versions through 2026.1.30. This issue resides in the MS Teams attachment downloader, which must be enabled as an optional extension. The vulnerability allows bearer tokens to be leaked to untrusted hosts that are on the suffix-based allowlist. This occurs when the application retries downloads after receiving 401 or 403 responses, inadvertently sending authorization tokens to these allowlisted domains, which could lead to token theft.

Impact

Exploitation of this vulnerability allows for the unauthorized disclosure of bearer tokens to untrusted hosts, potentially leading to unauthorized access to resources or actions on behalf of the user.

Reproduction

To reproduce this vulnerability, enable the MS Teams extension in OpenClaw versions through 2026.1.30. When an attachment is downloaded and a 401 or 403 response is received, the application will retry the download. During this process, authorization bearer tokens are sent to untrusted hosts that match the permissive suffix-based allowlist. If the allowlisted host is not Microsoft-owned, the token can be intercepted and potentially misused.

Remediation

Users can upgrade to OpenClaw version 2026.2.1 or later, where this vulnerability has been patched. If upgrading is not possible, the MS Teams extension can be disabled, or the authorization host allowlist can be made stricter by only including Microsoft-owned endpoints that require authentication.
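The allowlist tightening described above, as an added example that is not OpenClaw's own code: a permissive suffix-based host check beside a strict exact-host check, and a retry path that attaches the bearer token on 401/403 only when the strict check passes. The hostnames, both allowlists and the request stub are constructed for illustration.

```typescript
// Added example, not OpenClaw's own code. Hostnames and allowlists below are
// constructed for illustration.

// Permissive suffix allowlist of the kind the advisory describes.
const SUFFIX_ALLOWLIST: readonly string[] = ["trusted-storage.example"];

// Strict allowlist: exact hostnames of authenticated endpoints only.
const EXACT_ALLOWLIST: ReadonlySet<string> = new Set(["files.trusted-storage.example"]);

// Weak check: a bare suffix match accepts any host that merely ends with the
// suffix, including a lookalike such as "evil-trusted-storage.example".
function suffixAllowsBearer(url: string): boolean {
  const host = new URL(url).hostname.toLowerCase();
  return SUFFIX_ALLOWLIST.some((suffix) => host.endsWith(suffix));
}

// Hardened check: exact host match over HTTPS only, so the token is never
// attached for a host that was not listed explicitly.
function strictAllowsBearer(url: string): boolean {
  const u = new URL(url);
  return u.protocol === "https:" && EXACT_ALLOWLIST.has(u.hostname.toLowerCase());
}

// Stub request interface (constructed): returns the HTTP status for a GET.
type Fetcher = (url: string, headers: Record<string, string>) => number;

// Download with one authenticated retry on 401/403. The retry carries the
// bearer token only when the strict check passes; otherwise the original
// status is returned and the token never leaves the process.
function downloadWithRetry(url: string, token: string, fetcher: Fetcher): { status: number; tokenSent: boolean } {
  const status = fetcher(url, {});
  if (status !== 401 && status !== 403) return { status, tokenSent: false };
  if (!strictAllowsBearer(url)) return { status, tokenSent: false };
  return { status: fetcher(url, { Authorization: `Bearer ${token}` }), tokenSent: true };
}
```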

Added: Mar 5, 2026, 10:26 PM
Updated: Mar 5, 2026, 10:26 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.0
remediation: 0.0
relevance: 3.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.