CVE-2026-32974: OpenClaw Feishu Webhook Vulnerability Advisory
RedPacket Security has published an advisory for CVE-2026-32974, a high-severity vulnerability in OpenClaw's Feishu webhook endpoint. The flaw allows an attacker to send crafted requests directly to the endpoint with low complexity and no prior privileges required — a concerning combination for any deployment with Feishu integration enabled.
A companion vulnerability, CVE-2026-32978, affects the script runner approval bypass, which could allow unauthorized script execution. Both issues are rated high-severity and underscore the importance of keeping OpenClaw installations up to date, especially for teams running the framework in production environments with external messaging integrations. If you're running Feishu webhooks, patching should be a priority.