CVE-2026-35621— OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35621
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to build an internal command-authorized context and persist channel allowFrom and groupAllowFrom policy changes reserved for operator.admin scope.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.24之前版本存在安全漏洞,该漏洞源于/allowlist命令未能为内部调用者重新验证网关客户端范围,可能导致具有operator.write范围的客户端修改通道授权策略,实现权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-35621
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35621
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-35621 (2)
Same Patch Batch · OpenClaw · 2026-04-10 · 29 CVEs total
| CVE-2026-35669 | 8.8 HIGH | OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope |
| CVE-2026-35666 | 8.8 HIGH | OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper |
| CVE-2026-35643 | 8.8 HIGH | OpenClaw < 2026.3.22 - Arbitrary Code Execution via Unvalidated WebView JavascriptInterfac |
| CVE-2026-35663 | 8.8 HIGH | OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim |
| CVE-2026-35660 | 8.1 HIGH | OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset |
| CVE-2026-35653 | 8.1 HIGH | OpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request |
| CVE-2026-35641 | 7.8 HIGH | OpenClaw < 2026.3.24 - Arbitrary Code Execution via .npmrc in Local Plugin/Hook Installati |
| CVE-2026-35668 | 7.7 HIGH | OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Par |
| CVE-2026-35650 | 7.5 HIGH | OpenClaw < 2026.3.22 - Environment Variable Override Bypass via Inconsistent Sanitization |
| CVE-2026-35656 | 6.5 MEDIUM | OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limi |
| CVE-2026-35649 | 6.5 MEDIUM | OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist |
| CVE-2026-35652 | 6.5 MEDIUM | OpenClaw < 2026.3.22 - Unauthorized Action Execution via Callback Dispatch |
| CVE-2026-35657 | 6.5 MEDIUM | OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route |
| CVE-2026-35658 | 6.5 MEDIUM | OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool |
| CVE-2026-35667 | 6.1 MEDIUM | OpenClaw < 2026.3.24 - Improper Process Termination via Unpatched killProcessTree in shell |
| CVE-2026-35670 | 5.9 MEDIUM | OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat |
| CVE-2026-35655 | 5.7 MEDIUM | OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution |
| CVE-2026-35620 | 5.4 MEDIUM | OpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands |
| CVE-2026-35654 | 5.3 MEDIUM | OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke |
| CVE-2026-35661 | 5.3 MEDIUM | OpenClaw < 2026.3.25 - Telegram DM-Scoped Inline Button Callback Authorization Bypass |
Showing top 20 of 29 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-35674
OpenClaw < 2026.5.18 - Scope Bypass via Inherited chat.send - CVE-2026-35673
OpenClaw < 2026.4.29 - SSRF Policy Bypass via Browser Debug/ - CVE-2026-35630
OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enfor - CVE-2026-34507
OpenClaw < 2026.4.29 - Policy Bypass in QQBot Admin Command - CVE-2026-32906
OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin
Same vendor: OpenClaw
- CVE-2026-35674
OpenClaw < 2026.5.18 - Scope Bypass via Inherited chat.send - CVE-2026-35673
OpenClaw < 2026.4.29 - SSRF Policy Bypass via Browser Debug/ - CVE-2026-35630
OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enfor - CVE-2026-34507
OpenClaw < 2026.4.29 - Policy Bypass in QQBot Admin Command - CVE-2026-32906
OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin
Same weakness: CWE-862
- CVE-2026-31942
LibreChat has IDOR in API Keys Management that allows any au - CVE-2026-10616
nextlevelbuilder GoClaw Team Task Completion team_tasks_life - CVE-2026-40571
NamelessMC: Reactions on private or blocking profile posts c - CVE-2026-40314
NamelessMC: Reactions on private or blocking profile posts c - CVE-2026-35443
NamelessMC: Forum reactions bypass the "view own topics only
V. Comments for CVE-2026-35621
No comments yet