CVE-2026-35648

LOW

OpenClaw < 2026.3.22 - Policy Bypass via Unvalidated Queued Node Actions

Title source: cna

Description

OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands.

References (4)

[Third Party Advisory] https://github.com/openclaw/openclaw/security/advisories/GHSA-wj55-88gf-x564

[Patch] https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87

[Patch] https://github.com/openclaw/openclaw/commit/ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2

View Patch ZIP pw:eip

[Third Party Advisory] https://www.vulncheck.com/advisories/openclaw-policy-bypass-via-unvalidated-queued-node-actions

Scores

CVSS v3 3.7

EPSS 0.0003

EPSS Percentile 8.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-367

Status published

Products (4)

npm/openclaw 0 - 2026.3.22npm

OpenClaw/OpenClaw < 2026.3.22

openclaw/openclaw < 2026.3.22

OpenClaw/OpenClaw 2026.3.22

Published Apr 10, 2026

Tracked Since Apr 10, 2026