@openclaw/msteams 2026.2.23 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the @openclaw/msteams package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Incorrect Authorization @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveraging approval from a different account in multi-account deployments. How to fix Incorrect Authorization? Upgrade `@openclaw/msteams` to version 2026.3.1 or higher.	<2026.3.1
M Missing Authorization @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Missing Authorization via `fileConsent/invoke`. An attacker can access or manipulate pending file uploads belonging to other conversations by providing a valid `uploadId` within its time-to-live period, allowing unauthorized completion or cancellation of uploads across conversations. How to fix Missing Authorization? Upgrade `@openclaw/msteams` to version 2026.2.25 or higher.	<2026.2.25
L Server-side Request Forgery (SSRF) @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via inconsistent enforcement of host and DNS policies in the media fetch process. An attacker can access internal network resources or unintended hosts by exploiting fetch paths that bypass shared guard logic. How to fix Server-side Request Forgery (SSRF)? Upgrade `@openclaw/msteams` to version 2026.3.1 or higher.	<2026.3.1

Vulnerability

Vulnerable Version

Incorrect Authorization

@openclaw/msteams is an OpenClaw Microsoft Teams channel plugin

Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveraging approval from a different account in multi-account deployments.

How to fix Incorrect Authorization?

Upgrade @openclaw/msteams to version 2026.3.1 or higher.

<2026.3.1

Missing Authorization

@openclaw/msteams is an OpenClaw Microsoft Teams channel plugin

Affected versions of this package are vulnerable to Missing Authorization via fileConsent/invoke. An attacker can access or manipulate pending file uploads belonging to other conversations by providing a valid uploadId within its time-to-live period, allowing unauthorized completion or cancellation of uploads across conversations.

How to fix Missing Authorization?

Upgrade @openclaw/msteams to version 2026.2.25 or higher.

<2026.2.25

Server-side Request Forgery (SSRF)

@openclaw/msteams is an OpenClaw Microsoft Teams channel plugin

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via inconsistent enforcement of host and DNS policies in the media fetch process. An attacker can access internal network resources or unintended hosts by exploiting fetch paths that bypass shared guard logic.

How to fix Server-side Request Forgery (SSRF)?

Upgrade @openclaw/msteams to version 2026.3.1 or higher.

<2026.3.1

@openclaw/msteams@2026.2.23 vulnerabilities

OpenClaw Microsoft Teams channel plugin

latest version

latest non vulnerable version

first published

latest version published

Direct Vulnerabilities

Fix vulnerabilities automatically