CVE-2026-35622
Published: 09 April 2026
Summary
CVE-2026-35622 is a medium-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Openclaw Openclaw. Its CVSS base score is 5.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-9 (Service Identification and Authentication).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires authentication of external services like Google Chat webhooks using valid deployment-bound principals before allowing actions.
Enforces approved access authorizations in webhook handling to reject unauthorized add-on principals outside deployment bindings.
Directly mitigates the improper authentication flaw by identifying, reporting, and applying patches from specified OpenClaw commits.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an authentication bypass (CWE-290) in a public-facing Google Chat webhook handler, directly enabling T1190 by allowing unauthorized actions via exploitation of the exposed integration component.
NVD Description
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execute unauthorized actions through the Google…
more
Chat integration.
Deeper analysisAI
CVE-2026-35622, published on 2026-04-09, is an improper authentication verification vulnerability (CWE-290) in OpenClaw versions before 2026.3.22. The flaw affects the Google Chat app-url webhook handling component, which incorrectly accepts add-on principals outside the intended deployment bindings. This allows attackers to bypass webhook authentication by supplying non-deployment add-on principals, enabling unauthorized actions through the Google Chat integration. The vulnerability has a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N).
Attackers with low privileges (PR:L) can exploit this over the network (AV:N), though it requires high attack complexity (AC:H) and no user interaction (UI:N). By providing unauthorized add-on principals, they can bypass authentication checks in the webhook, leading to execution of unintended actions via the Google Chat integration. Impacts include low confidentiality loss, high integrity compromise, and no availability disruption, all within unchanged scope.
Mitigation details are available in OpenClaw GitHub commits 630f1479c44f78484dfa21bb407cbe6f171dac87 and a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66, which address the authentication flaw. Security practitioners should review the GitHub security advisory at GHSA-mp66-rf4f-mhh8 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-improper-authentication-verification-in-google-chat-webhook for patch deployment guidance and full remediation steps.
Details
- CWE(s)