PT-2026-31970 · Openclaw · Openclaw
Keensecuritylab
+1
·
Published
2026-04-10
·
Updated
2026-04-10
·
CVE-2026-35659
CVSS v3.1
4.6
Medium
| AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious discovery metadata.
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw