PT-2026-31970 · Openclaw · Openclaw

Keensecuritylab · Published 2026-03-26 · Updated 2026-04-10 · CVE-2026-35659

CVSS v3.1: 6.3 (Medium)

Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.3.22

Description

The software contains a service discovery issue where TXT metadata from Bonjour and DNS-SD could influence command-line interface (CLI) routing even when service resolution failed. Attackers can exploit unresolved hints to redirect routing decisions to unintended targets by providing malicious discovery metadata.

Recommendations

Update to version 2026.3.22 or later.

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2026-35659
GHSA-RVQR-HRCC-J9VV

Affected Products

Openclaw