Time-of-check Time-of-use (TOCTOU) Race Condition in OpenClaw - #VU135895
Published: June 30, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to perform actions that should have required a stronger authorization or policy check.
The vulnerability exists due to a time-of-check time-of-use race condition in the MS Teams safeFetch feature when processing lower-trust caller or configured input paths. A remote user can trigger a DNS rebinding race to perform actions that should have required a stronger authorization or policy check.
Only instances where the affected feature is enabled and reachable are vulnerable, and practical impact depends on whether lower-trust input can reach that path.