CVE-2026-35659
MEDIUM
OpenClaw < 2026.3.22 - Unresolved Service Metadata Routing via Bonjour and DNS-SD Discovery
Title source: cna
Description
OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious discovery metadata.
Scores
CVSS v3
4.6
EPSS
0.0001
EPSS Percentile
0.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-345
Status
published
Products (4)
npm/openclaw
0 - 2026.3.22 (npm)
OpenClaw/OpenClaw
< 2026.3.22
openclaw/openclaw
< 2026.3.22
OpenClaw/OpenClaw
2026.3.22
Published
Apr 10, 2026
Tracked Since
Apr 10, 2026