CVE ID :CVE-2026-34506 Published : March 31, 2026, 11:17 a.m. | 39 minutes ago Description :OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesizes wildcard sender authorization, permitting any sender in the matched team/channel to trigger replies in allowlisted Teams routes. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...