CVE-2026-35652

Severity: Medium · Public PoC

Published: 10 April 2026
Modified: 13 April 2026
CVSS Score (v4): 6.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0042 (33.5th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-35652 is a medium-severity Incorrect Behavior Order (CWE-696) vulnerability in OpenClaw (vendor Openclaw, product Openclaw). Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 33.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-35652 is an authorization bypass vulnerability in OpenClaw versions before 2026.3.22. The flaw exists in the interactive callback dispatch mechanism, which permits non-allowlisted senders to execute action handlers. Attackers can exploit this by dispatching callbacks before normal security validation completes, thereby evading sender authorization checks and enabling unauthorized actions. The vulnerability is associated with CWE-696 and carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).

Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges, user interaction, or special setup. By timing callback dispatches to precede validation, non-allowlisted entities gain the ability to trigger action handlers, resulting in low-impact integrity and availability disruptions but no confidentiality loss.

Mitigation requires upgrading to OpenClaw 2026.3.22 or later. Patches addressing the issue are available in GitHub commits 630f1479c44f78484dfa21bb407cbe6f171dac87 and a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66. Further details on the vulnerability and remediation are provided in the GitHub security advisory GHSA-8883-9w57-vwv6 and the VulnCheck advisory.
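The ordering defect described above (CWE-696: the action handler fires before sender authorization is enforced) is easiest to see when callback handling is modelled as an ordered pipeline. The following is an added illustration, not OpenClaw's code and not derived from the referenced commits; the allowlist, handler names, senders and stage names are all constructed for the example. It contrasts the defective stage order with the corrected one and includes an invariant check a maintainer can keep in a test suite so the order cannot silently regress.

```javascript
// Added example (hypothetical, not OpenClaw's implementation): a minimal
// interactive-callback dispatcher built as an ordered pipeline of stages.
// Everything below is constructed for illustration.

// Constructed sample allowlist of senders permitted to trigger actions.
const ALLOWLIST = new Set(["alice", "bob"]);

// Constructed action handlers keyed by the callback's action id.
const handlers = {
  restart: (state) => { state.restarts += 1; return "restarted"; },
  status: () => "ok",
};

// Pipeline stages. Each stage receives the callback and mutable state and
// returns false to stop the pipeline.
const stages = {
  // Sender authorization: only allowlisted senders may proceed.
  authorize(cb, state) {
    if (ALLOWLIST.has(cb.sender)) return true;
    state.audit.push(`denied sender=${cb.sender} action=${cb.action}`);
    return false;
  },
  // Dispatch: look up and run the action handler (this is the side effect).
  dispatch(cb, state) {
    const handler = handlers[cb.action];
    if (!handler) {
      state.audit.push(`unknown action=${cb.action}`);
      return false;
    }
    state.result = handler(state);
    return true;
  },
};

// Run stages in the given order; stop at the first stage that returns false.
function runPipeline(order, cb, state) {
  for (const name of order) {
    if (!stages[name](cb, state)) return false;
  }
  return true;
}

// Defective order: the handler runs before the sender check is reached, so a
// non-allowlisted sender is denied in the audit log only after the action
// has already happened.
const VULNERABLE_ORDER = ["dispatch", "authorize"];

// Corrected order: authorization gates dispatch, so denied senders never
// reach a handler.
const HARDENED_ORDER = ["authorize", "dispatch"];

// Maintainer-side invariant for a test suite: every authorization stage must
// come before the dispatch stage in the configured pipeline.
function authorizationPrecedesDispatch(order) {
  const a = order.indexOf("authorize");
  const d = order.indexOf("dispatch");
  return a !== -1 && d !== -1 && a < d;
}

// Run one callback through a pipeline and return the resulting state.
function simulate(order, cb) {
  const state = { restarts: 0, audit: [], result: null };
  const completed = runPipeline(order, cb, state);
  return { completed, ...state };
}

// Constructed sample: a callback from a sender that is not on the allowlist.
function demo() {
  const sample = { sender: "mallory", action: "restart" };
  return {
    vulnerable: simulate(VULNERABLE_ORDER, sample), // restarts: 1, denied too late
    hardened: simulate(HARDENED_ORDER, sample),     // restarts: 0, never dispatched
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The point of the pipeline invariant is that a fix of this kind is only as durable as the tests around it: asserting on the stage order (and on the audit entries produced for a denied sender) turns the advisory's description of the bug into a regression check.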

Vulnerability details

OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling unauthorized actions.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Authorization bypass in network-accessible OpenClaw allows remote unauthenticated attackers to execute action handlers by evading validation, directly enabling exploitation of public-facing applications for unauthorized actions.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-35637 (same product: Openclaw Openclaw)
CVE-2026-35640 (same product: Openclaw Openclaw)
CVE-2026-32924 (same product: Openclaw Openclaw)
CVE-2026-41394 (same product: Openclaw Openclaw)
CVE-2026-43573 (same product: Openclaw Openclaw)
CVE-2026-31989 (same product: Openclaw Openclaw)
CVE-2026-28472 (same product: Openclaw Openclaw)
CVE-2026-41395 (same product: Openclaw Openclaw)
CVE-2026-32004 (same product: Openclaw Openclaw)
CVE-2026-43580 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.3.22

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assigned)

AC-3 Access Enforcement (prevent)

Mandates enforcement of approved authorizations for access to system resources, directly countering the authorization bypass in interactive callback dispatch.

AC-25 Reference Monitor (prevent)

Requires a reference monitor mechanism to enforce access control policies for all subjects and objects, addressing the flawed sender validation timing in callback handling.

AC-6 Least Privilege (prevent)

Applies least privilege to limit the scope and impact of unauthorized action handlers triggered by non-allowlisted senders.
