CVE-2026-35648

LOW

OpenClaw < 2026.3.22 - Policy Bypass via Unvalidated Queued Node Actions

Title source: cna

Description

OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands.

References (4)

Core 4

Core References

Third Party Advisory third-party-advisory

GitHub Security Advisory (GHSA-wj55-88gf-x564)

https://github.com/openclaw/openclaw/security/advisories/GHSA-wj55-88gf-x564

Patch patch

Patch Commit #1

https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87

View Patch ZIP pw:eip

Patch patch

Patch Commit #2

https://github.com/openclaw/openclaw/commit/ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2

View Patch ZIP pw:eip

Third Party Advisory third-party-advisory

VulnCheck Advisory: OpenClaw < 2026.3.22 - Policy Bypass via Unvalidated Queued Node Actions

https://www.vulncheck.com/advisories/openclaw-policy-bypass-via-unvalidated-queued-node-actions

Scores

CVSS v3 3.7

EPSS 0.0022

EPSS Percentile 12.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-367

Status published

Products (4)

npm/openclaw 0 - 2026.3.22npm

OpenClaw/OpenClaw < 2026.3.22

openclaw/openclaw < 2026.3.22

OpenClaw/OpenClaw 2026.3.22

Published Apr 10, 2026

Tracked Since Apr 10, 2026