CVE-2026-35664

MEDIUM

OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks

Title source: cna

Description

OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization.

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory

GitHub Security Advisory (GHSA-77w2-crqv-cmv3)

https://github.com/openclaw/openclaw/security/advisories/GHSA-77w2-crqv-cmv3

Patch patch

Patch Commit

https://github.com/openclaw/openclaw/commit/81c45976db532324b5a0918a70decc19520dc354

View Patch ZIP pw:eip

Third Party Advisory third-party-advisory

VulnCheck Advisory: OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks

https://www.vulncheck.com/advisories/openclaw-dm-pairing-bypass-via-legacy-card-callbacks

Scores

CVSS v3 5.3

EPSS 0.0028

EPSS Percentile 19.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-288

Status published

Products (4)

npm/openclaw 0 - 2026.3.28npm

OpenClaw/OpenClaw < 2026.3.25

openclaw/openclaw < 2026.3.25

OpenClaw/OpenClaw 2026.3.25

Published Apr 10, 2026

Tracked Since Apr 10, 2026