CVE-2026-35670
Published: 10 April 2026
Summary
CVE-2026-35670 is a medium-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in Openclaw Openclaw. Its CVSS base score is 5.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); it is ranked at the 24.1st percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 IA-4 (Identifier Management) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Requires timely identification, reporting, and correction of flaws such as CVE-2026-35670 by patching to OpenClaw 2026.3.22, directly addressing the webhook rebinding vulnerability.
- IA-4 (Identifier Management): Mandates assignment and protection of unique, stable identifiers such as numeric user IDs rather than mutable usernames, preventing attackers from rebinding webhook replies.
- Enforces approved access authorizations for information flows such as webhook reply delivery, mitigating improper binding to unintended users when combined with stable identifiers.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The network-accessible webhook vulnerability in a public-facing application maps directly to T1190 for initial exploitation. The username rebinding flaw lets an attacker redirect replies to a different recipient, which corresponds to T1565.002 (Transmitted Data Manipulation), since the delivery path and recipient binding of in-transit reply data are altered.
NVD Description
OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered replies to different users, bypassing the intended recipient binding recorded in webhook events.
Deeper analysis
CVE-2026-35670 is a webhook reply delivery vulnerability in OpenClaw versions before 2026.3.22. It stems from the use of mutable username matching instead of stable numeric user identifiers, enabling attackers to rebind chat replies to unintended users. By manipulating username changes, attackers can redirect webhook-triggered replies, bypassing the intended recipient binding recorded in webhook events. The issue is classified under CWE-807 with a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).
Attackers with low privileges can exploit this over the network, though it requires high attack complexity and no user interaction. Successful exploitation allows redirection of replies intended for specific users to others, potentially exposing sensitive information in replies (high confidentiality impact) and enabling minor manipulation of reply delivery (low integrity impact).
Mitigation involves updating to OpenClaw 2026.3.22 or later, as indicated by patches in GitHub commits 630f1479c44f78484dfa21bb407cbe6f171dac87 and 7ade3553b74ee3f461c4acd216653d5ba411f455. Further details are available in the GitHub security advisory at GHSA-wv46-v6xc-2qhf and the VulnCheck advisory on webhook reply rebinding via username resolution in Synology Chat.
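The following is an added illustration of the CWE-807 pattern the advisory describes, written for this page and not taken from OpenClaw's code base or from the referenced commits. It models a webhook reply router in TypeScript with constructed sample data: the vulnerable variant resolves the reply target by the username captured in the event (which the current holder of that name controls), while the hardened variant binds the reply to the numeric user ID recorded in the event. The `UserDirectory`, `WebhookEvent` and resolver names are assumptions for the example.

```typescript
// Added example (not OpenClaw code): recipient binding for webhook replies.
// Demonstrates why a reply router must trust the stable numeric user id
// recorded in the webhook event rather than the mutable username.

interface ChatUser {
  id: number;        // stable identifier assigned by the chat platform, never reused
  username: string;  // mutable display handle, chosen by the user
}

interface WebhookEvent {
  userId: number;    // numeric id of the user who triggered the event
  username: string;  // handle at the moment the event was recorded
  text: string;
}

// In-memory stand-in for the chat platform's user directory (constructed sample data).
class UserDirectory {
  private users = new Map<number, ChatUser>();

  add(user: ChatUser): void {
    this.users.set(user.id, { ...user });
  }

  rename(id: number, newUsername: string): void {
    const u = this.users.get(id);
    if (!u) throw new Error(`unknown user id ${id}`);
    u.username = newUsername;
  }

  byId(id: number): ChatUser | undefined {
    return this.users.get(id);
  }

  // Returns whoever currently holds the username; the binding can change between
  // the time the event was recorded and the time the reply is delivered.
  byUsername(name: string): ChatUser | undefined {
    return Array.from(this.users.values()).find((u) => u.username === name);
  }
}

// Vulnerable pattern (CWE-807): the reply target is looked up by the username
// captured in the event, so a later rename decides who receives the reply.
function resolveRecipientByUsername(dir: UserDirectory, ev: WebhookEvent): number | undefined {
  return dir.byUsername(ev.username)?.id;
}

// Hardened pattern: the reply is bound to the numeric id recorded in the event.
// If that id no longer exists the reply is dropped rather than re-resolved by name.
function resolveRecipientById(dir: UserDirectory, ev: WebhookEvent): number | undefined {
  return dir.byId(ev.userId)?.id;
}

// Scenario: alice triggers a webhook, then two renames occur before the reply goes out.
function runScenario(): { vulnerableTarget: number | undefined; hardenedTarget: number | undefined } {
  const dir = new UserDirectory();
  dir.add({ id: 1, username: "alice" });
  dir.add({ id: 2, username: "mallory" });

  // Event recorded while user 1 still holds the handle "alice".
  const ev: WebhookEvent = { userId: 1, username: "alice", text: "show my balance" };

  // Handles change after the event is recorded but before the reply is delivered.
  dir.rename(1, "alice-new");
  dir.rename(2, "alice");

  return {
    vulnerableTarget: resolveRecipientByUsername(dir, ev), // resolves to user 2
    hardenedTarget: resolveRecipientById(dir, ev),         // stays bound to user 1
  };
}
```

Running `runScenario()` shows the divergence the advisory describes: the username-based resolver delivers the reply, and whatever sensitive content it carries, to user 2, while the ID-based resolver keeps it bound to user 1. A quick audit check for similar code is to grep reply-delivery paths for lookups keyed on display names and confirm that every outbound reply carries the numeric identifier captured at ingestion.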
Details
- CWE(s)