PT-2026-31758 · Google · Google Chat
Ijxpwastaken · Published 2026-03-26 · Updated 2026-04-10
CVE-2026-35622
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.22
Description
OpenClaw contains an improper authentication verification issue in Google Chat app-url webhook handling. The application accepts add-on principals outside of intended deployment bindings, allowing attackers to bypass webhook authentication. By providing non-deployment add-on principals, attackers can execute unauthorized actions through the Google Chat integration.
Recommendations
Update to version 2026.3.22 or later.
Fix
Authentication Bypass by Spoofing
Incorrect Authorization
Related Identifiers
Affected Products
Google Chat
OpenClaw