CVE-2026-35652

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22

Description OpenClaw contains an authorization bypass in interactive callback dispatch. Non-allowlisted senders can execute action handlers by dispatching callbacks before security validation is complete, bypassing sender authorization checks. This allows unauthorized actions.

Recommendations Update to version 2026.3.22 or later.

Fix

Improper Authorization

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-696CWE-863

Related Identifiers

CVE-2026-35652

GHSA-8883-9W57-VWV6

Affected Products

Openclaw

CVE-2026-35652

Weakness Enumeration

Related Identifiers

Affected Products

References · 8