Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-35659— OpenClaw < 2026.3.22 - Unresolved Service Metadata Routing via Bonjour and DNS-SD Discovery

CVSS 4.6 · Medium EPSS 0.01% · P1
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-35659

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OpenClaw < 2026.3.22 - Unresolved Service Metadata Routing via Bonjour and DNS-SD Discovery
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious discovery metadata.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数据真实性的验证不充分
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.22之前版本存在数据伪造问题漏洞,该漏洞源于服务发现中TXT元数据可能影响CLI路由,可能导致攻击者通过提供恶意发现元数据将路由决策导向非预期目标。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
OpenClawOpenClaw 0 ~ 2026.3.22 -

II. Public POCs for CVE-2026-35659

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-35659

登录查看更多情报信息。
Patch · 2Advisory · 2

Same Patch Batch · OpenClaw · 2026-04-10 · 29 CVEs total

CVE-2026-356698.8 HIGHOpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope
CVE-2026-356438.8 HIGHOpenClaw < 2026.3.22 - Arbitrary Code Execution via Unvalidated WebView JavascriptInterfac
CVE-2026-356668.8 HIGHOpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper
CVE-2026-356638.8 HIGHOpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim
CVE-2026-356608.1 HIGHOpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset
CVE-2026-356538.1 HIGHOpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request
CVE-2026-356417.8 HIGHOpenClaw < 2026.3.24 - Arbitrary Code Execution via .npmrc in Local Plugin/Hook Installati
CVE-2026-356687.7 HIGHOpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Par
CVE-2026-356507.5 HIGHOpenClaw < 2026.3.22 - Environment Variable Override Bypass via Inconsistent Sanitization
CVE-2026-356216.5 MEDIUMOpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence
CVE-2026-356496.5 MEDIUMOpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist
CVE-2026-356586.5 MEDIUMOpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool
CVE-2026-356576.5 MEDIUMOpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route
CVE-2026-356566.5 MEDIUMOpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limi
CVE-2026-356526.5 MEDIUMOpenClaw < 2026.3.22 - Unauthorized Action Execution via Callback Dispatch
CVE-2026-356676.1 MEDIUMOpenClaw < 2026.3.24 - Improper Process Termination via Unpatched killProcessTree in shell
CVE-2026-356705.9 MEDIUMOpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat
CVE-2026-356555.7 MEDIUMOpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution
CVE-2026-356205.4 MEDIUMOpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands
CVE-2026-356545.3 MEDIUMOpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke

Showing top 20 of 29 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: OpenClaw
Same vendor: OpenClaw
Same weakness: CWE-345

V. Comments for CVE-2026-35659

No comments yet

Leave a comment