CVE-2026-35624

MEDIUM

OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk

Title source: cna

Description

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization: rooms are matched by name, which can collide, instead of by stable room token. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms.

References (4)

Core References
Third Party Advisory
GitHub Security Advisory (GHSA-xhq5-45pm-2gjr)
https://github.com/openclaw/openclaw/security/advisories/GHSA-xhq5-45pm-2gjr
Third Party Advisory
VulnCheck Advisory: OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk
https://www.vulncheck.com/advisories/openclaw-policy-confusion-via-room-name-collision-in-nextcloud-talk

Scores

CVSS v3 4.2
EPSS 0.0024
EPSS Percentile 15.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-807
Status published
Products (4)
npm/openclaw 0 - 2026.3.22 (npm)
OpenClaw/OpenClaw < 2026.3.22
openclaw/openclaw < 2026.3.22
OpenClaw/OpenClaw 2026.3.22
Published Apr 09, 2026
Tracked Since Apr 10, 2026