Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

msteams

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found

CVE-2026-62224
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-Not Assigned
Published-17 Jul, 2026 | 00:07
Updated-17 Jul, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw MS Teams < 2026.5.12 Authorization Bypass

OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mutable display names. Attackers with lower-trust access can perform actions requiring stronger authorization by exploiting the mutable display name binding in the affected feature.

Action-Not Available
Vendor-OpenClaw
Product-msteams
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-62214
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 00:06
Updated-17 Jul, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.28 Bot Framework SSRF via serviceUrl Parameter Validation

OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured input paths to retrieve sensitive authentication data outside the trusted boundary.

Action-Not Available
Vendor-OpenClaw
Product-msteams
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-62213
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 00:06
Updated-17 Jul, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.27 Token Leakage via MS Teams Outbound Requests

OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary.

Action-Not Available
Vendor-OpenClaw
Product-msteams
CWE ID-CWE-522
Insufficiently Protected Credentials