Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-35655

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-10 Apr, 2026 | 16:03
Updated At-10 Apr, 2026 | 20:18
Rejected At-
Credits

OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution

OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security restrictions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:10 Apr, 2026 | 16:03
Updated At:10 Apr, 2026 | 20:18
Rejected At:
â–¼CVE Numbering Authority (CNA)
OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution

OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security restrictions.

Affected Products
Vendor
OpenClawOpenClaw
Product
OpenClaw
Default Status
unaffected
Versions
Affected
  • From 0 before 2026.3.22 (semver)
Unaffected
  • 2026.3.22 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-807CWE-807 Reliance on Untrusted Inputs in a Security Decision
Type: CWE
CWE ID: CWE-807
Description: CWE-807 Reliance on Untrusted Inputs in a Security Decision
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3.15.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Peng Zhou (@zpbrent)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/openclaw/openclaw/security/advisories/GHSA-74wf-h43j-vvmj
third-party-advisory
https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87
patch
https://github.com/openclaw/openclaw/commit/e4c61723cd2d530680cc61789311d464ab8cdf60
patch
https://www.vulncheck.com/advisories/openclaw-identity-spoofing-via-rawinput-tool-in-acp-permission-resolution
third-party-advisory
Hyperlink: https://github.com/openclaw/openclaw/security/advisories/GHSA-74wf-h43j-vvmj
Resource:
third-party-advisory
Hyperlink: https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87
Resource:
patch
Hyperlink: https://github.com/openclaw/openclaw/commit/e4c61723cd2d530680cc61789311d464ab8cdf60
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/openclaw-identity-spoofing-via-rawinput-tool-in-acp-permission-resolution
Resource:
third-party-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:10 Apr, 2026 | 17:17
Updated At:13 Apr, 2026 | 21:07

OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security restrictions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
CPE Matches
OpenClaw
openclaw
>>openclaw>>Versions before 2026.3.22(exclusive)
cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-807Primarydisclosure@vulncheck.com
CWE ID: CWE-807
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87disclosure@vulncheck.com
Patch
https://github.com/openclaw/openclaw/commit/e4c61723cd2d530680cc61789311d464ab8cdf60disclosure@vulncheck.com
Patch
https://github.com/openclaw/openclaw/security/advisories/GHSA-74wf-h43j-vvmjdisclosure@vulncheck.com
Vendor Advisory
https://www.vulncheck.com/advisories/openclaw-identity-spoofing-via-rawinput-tool-in-acp-permission-resolutiondisclosure@vulncheck.com
Third Party Advisory
Hyperlink: https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87
Source: disclosure@vulncheck.com
Resource:
Patch
Hyperlink: https://github.com/openclaw/openclaw/commit/e4c61723cd2d530680cc61789311d464ab8cdf60
Source: disclosure@vulncheck.com
Resource:
Patch
Hyperlink: https://github.com/openclaw/openclaw/security/advisories/GHSA-74wf-h43j-vvmj
Source: disclosure@vulncheck.com
Resource:
Vendor Advisory
Hyperlink: https://www.vulncheck.com/advisories/openclaw-identity-spoofing-via-rawinput-tool-in-acp-permission-resolution
Source: disclosure@vulncheck.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2026-35624
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-0.06% / 18.52%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:26
Updated-17 Apr, 2026 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2026-35617
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-2.3||LOW
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:26
Updated-16 Apr, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2026-35670
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.08% / 24.18%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 16:03
Updated-14 Apr, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat

OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered replies to different users, bypassing the intended recipient binding recorded in webhook events.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2026-32057
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-6||MEDIUM
EPSS-0.11% / 28.88%
||
7 Day CHG+0.01%
Published-21 Mar, 2026 | 00:42
Updated-25 Mar, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter

OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui client identifier to skip pairing requirements and gain unauthorized access to node event execution flows.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2026-32975
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 23.02%
||
7 Day CHG~0.00%
Published-29 Mar, 2026 | 12:44
Updated-30 Mar, 2026 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist

OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages from unintended groups to the agent.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2026-32898
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 5.37%
||
7 Day CHG-0.03%
Published-21 Mar, 2026 | 00:42
Updated-24 Mar, 2026 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata

OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client that auto-approves tool calls based on untrusted toolCall.kind metadata and permissive name heuristics. Attackers can bypass interactive approval prompts for read-class operations by spoofing tool metadata or using non-core read-like names to reach auto-approve paths.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2026-41299
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.68%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 23:08
Updated-27 Apr, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP identity labels and inject reserved provenance fields intended only for the ACP bridge by manipulating client metadata during connection.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
Details not found