OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-only matching. An attacker can set a display name equal to an allowlisted ID string to bypass authorization checks and gain unauthorized access.
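The following is an added illustration, not OpenClaw's own code, of the two allowlist behaviours the advisory contrasts: a check that compares every sender-identifying field (including the mutable display name) against the allowFrom entries, beside an ID-only check that also rejects allowFrom entries that are not Feishu-assigned IDs at load time. The event shape, the helper names and the `ou_` + 32-hex open_id format used for validation are assumptions made for this example; the sender records are constructed, not captured traffic.

```typescript
// Illustrative Feishu sender allowlist checks (example code, not OpenClaw's).
// A Feishu sender carries a platform-assigned open_id (stable, not user-editable)
// and a profile display name the user can change at any time.
interface FeishuSender {
  openId: string;      // assigned by Feishu; assumed format "ou_" + 32 hex chars
  displayName: string; // user-controlled profile name
}

function normalize(s: string): string {
  return s.trim().toLowerCase();
}

// Vulnerable pattern: any identifying field, the mutable display name included,
// is matched against allowFrom. A user who renames themself to an allowlisted
// ID string passes the check.
function isAllowedVulnerable(allowFrom: string[], sender: FeishuSender): boolean {
  const allowed = new Set(allowFrom.map(normalize));
  const candidates = [sender.openId, sender.displayName];
  return candidates.some((c) => allowed.has(normalize(c)));
}

// Assumed open_id format for this example; adjust if the platform's format differs.
const OPEN_ID_RE = /^ou_[0-9a-f]{32}$/;

// Reject allowFrom entries that do not look like IDs when the config is loaded,
// so a display name can never end up in the allowlist by operator mistake.
function validateAllowFrom(allowFrom: string[]): string[] {
  const entries = allowFrom.map((e) => e.trim());
  const bad = entries.filter((e) => !OPEN_ID_RE.test(e));
  if (bad.length > 0) {
    throw new Error(`allowFrom entries must be Feishu open_ids, got: ${bad.join(", ")}`);
  }
  return entries;
}

// Hardened pattern: only the platform-assigned ID participates in the match.
function isAllowedHardened(allowFrom: string[], sender: FeishuSender): boolean {
  const allowed = new Set(validateAllowFrom(allowFrom));
  return allowed.has(sender.openId);
}

// Constructed sample data: one allowlisted operator and one attacker whose
// display name has been set to the operator's open_id string.
const ALICE: FeishuSender = {
  openId: "ou_0123456789abcdef0123456789abcdef",
  displayName: "Alice",
};
const ATTACKER: FeishuSender = {
  openId: "ou_fedcba9876543210fedcba9876543210",
  displayName: "ou_0123456789abcdef0123456789abcdef",
};
const ALLOW_FROM: string[] = ["ou_0123456789abcdef0123456789abcdef"];

// Runs both checks over the sample senders; returns results rather than printing
// so the outcome can be asserted on.
function demo(): Record<string, boolean> {
  return {
    aliceVulnerable: isAllowedVulnerable(ALLOW_FROM, ALICE),
    attackerVulnerable: isAllowedVulnerable(ALLOW_FROM, ATTACKER),
    aliceHardened: isAllowedHardened(ALLOW_FROM, ALICE),
    attackerHardened: isAllowedHardened(ALLOW_FROM, ATTACKER),
  };
}

console.log(demo());
```

The load-time validation is the part worth keeping even after the matcher is fixed: an allowFrom entry such as `"Alice"` silently matches nothing under ID-only matching, and failing loudly on it stops an operator from believing a name-based entry is doing any work.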
How AI Introduced This
Yes. The AI-coauthored commit 2267d58afcc70fe19408b8f0dce108c340f3426d introduced the Feishu regression by replacing the prior ID-only Feishu allowlist logic with code that accepts `senderName` and by feeding mutable profile display names into sender allowlist checks. A later AI-tagged commit (5c2cb6c591e4b63c2df0549ad2202403256e2a96) only reformatted nearby code and did not materially affect authorization; later non-AI commits expanded the same flaw to command and DM authorization paths.
Attribution Chain
Bug-Introducing Commits (2)
Deep Verification
by investigator-override (same verdict as stated above under How AI Introduced This)