CVE-2026-35652 Overview
OpenClaw before version 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling unauthorized actions. This vulnerability affects the Node.js implementation of OpenClaw and represents a significant access control weakness that could allow unauthorized users to perform privileged operations.
Critical Impact
Unauthorized users can bypass sender authorization checks and execute action handlers, potentially leading to unauthorized data modification or service disruption.
Affected Products
- OpenClaw versions prior to 2026.3.22
- OpenClaw Node.js package
Discovery Timeline
- 2026-04-10 - CVE-2026-35652 published to NVD
- 2026-04-13 - Last updated in NVD database
Technical Details for CVE-2026-35652
Vulnerability Analysis
This vulnerability is classified under CWE-696 (Incorrect Behavior Order), which occurs when the software performs actions in an incorrect order that undermines security controls. In the case of OpenClaw, the interactive callback dispatch mechanism processes callbacks before the sender authorization validation has completed its checks. This timing flaw creates a window where non-allowlisted senders can invoke action handlers that should be restricted to authorized parties only.
The vulnerability is exploitable over the network without requiring authentication or user interaction. While the confidentiality impact is limited, attackers can achieve unauthorized modifications to data (integrity impact) and potentially cause service disruptions (availability impact).
Root Cause
The root cause stems from incorrect behavior ordering in the callback dispatch flow. The OpenClaw framework processes interactive callbacks in a sequence where action handler execution occurs prior to the completion of sender allowlist validation. This architectural flaw means that malicious actors can time their callback dispatch requests to execute before the security layer has verified whether the sender is authorized to perform the requested action.
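To make the ordering flaw concrete, here is an added JavaScript example (it is not OpenClaw's code and does not come from the advisory). It models a hypothetical dispatcher that fails open while sender validation is still pending, beside one that forces validation to complete and runs a handler only on an explicit allowed verdict. The allowlist, the handler, the state machine and the callback values are all constructed for the illustration.

```javascript
// Added example, not OpenClaw's code. It models the CWE-696 ordering flaw the
// advisory describes (a handler may run while sender validation is still
// incomplete) beside a dispatcher that requires validation to finish with an
// "allowed" result first. Every name and value here is hypothetical.

const ALLOWLIST = new Set(['alice', 'ops-bot']); // constructed sample allowlist

// Hypothetical restricted handler. It records each invocation in the caller's
// log so the effect of the dispatch order is observable from the result.
const handlers = new Map([
  ['restartService', (sender, log) => {
    log.push(`EXECUTED restartService by ${sender}`);
    return 'restarted';
  }],
]);

// Sender validation modelled as a state machine: a fresh callback starts as
// 'pending' and only moves to 'allowed' or 'denied' once validateSender runs.
function newAuthzState() {
  return { status: 'pending' };
}
function validateSender(state, sender) {
  state.status = ALLOWLIST.has(sender) ? 'allowed' : 'denied';
  return state;
}

// Flawed order (fail-open): only senders already marked 'denied' are refused,
// so a callback whose validation has not completed ('pending') reaches the
// handler and its side effect happens before the verdict exists.
function dispatchUnsafe(cb, state, log) {
  if (state.status === 'denied') {
    log.push(`DENIED ${cb.sender}`);
    return { ok: false };
  }
  const handler = handlers.get(cb.action);
  if (!handler) return { ok: false, error: 'unknown action' };
  return { ok: true, result: handler(cb.sender, log) };
}

// Corrected order (fail-closed): validation is driven to completion first and
// the handler is looked up and invoked only on an explicit 'allowed' verdict.
function dispatchSafe(cb, state, log) {
  validateSender(state, cb.sender);
  if (state.status !== 'allowed') {
    log.push(`DENIED ${cb.sender}`);
    return { ok: false };
  }
  const handler = handlers.get(cb.action);
  if (!handler) return { ok: false, error: 'unknown action' };
  return { ok: true, result: handler(cb.sender, log) };
}

// Drives both dispatchers with the same non-allowlisted callback whose
// validation has not yet completed, and returns what each one did.
function demo() {
  const cb = { sender: 'mallory', action: 'restartService' }; // constructed
  const unsafeLog = [];
  const unsafe = dispatchUnsafe(cb, newAuthzState(), unsafeLog);
  const safeLog = [];
  const safe = dispatchSafe(cb, newAuthzState(), safeLog);
  return { unsafe, unsafeLog, safe, safeLog };
}

console.log(JSON.stringify(demo(), null, 2));
```

The difference is not the allowlist itself but which states the dispatcher treats as sufficient: the first accepts "not yet denied", the second accepts only "validated and allowed". Any code review of a callback path should confirm the second shape, i.e. that no handler lookup or invocation is reachable from the pending state.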
Attack Vector
The attack exploits the network-accessible callback dispatch interface. An attacker sends a crafted callback request that gets processed by the action handler before the authorization subsystem has completed its sender verification. Since no privileges are required and no user interaction is needed, any remote attacker with network access to the OpenClaw service can potentially exploit this vulnerability.
The attack flow involves:
- An attacker identifies an OpenClaw instance exposing the interactive callback dispatch interface
- The attacker crafts a callback request targeting a restricted action handler
- By dispatching the callback at the appropriate timing, the request bypasses the sender allowlist check
- The unauthorized action handler executes, allowing the attacker to perform restricted operations
See the GitHub Security Advisory GHSA-8883 for additional technical details on the vulnerability mechanism.
Detection Methods for CVE-2026-35652
Indicators of Compromise
- Unexpected callback dispatch requests from non-allowlisted IP addresses or sender identifiers
- Action handler executions without corresponding successful authorization log entries
- Anomalous timing patterns in callback processing that indicate race condition exploitation
- Elevated rates of callback requests targeting privileged action handlers
Detection Strategies
- Implement logging that correlates callback dispatch events with authorization validation completion timestamps
- Monitor for callback requests from senders not present in the configured allowlist
- Deploy application-level intrusion detection to identify callback timing anomalies
- Review action handler execution logs for operations that lack preceding authorization confirmations
Monitoring Recommendations
- Enable verbose logging for the callback dispatch and authorization subsystems
- Set up alerts for any action handler execution where sender authorization status is incomplete or failed
- Monitor network traffic patterns for unusual callback request volumes or timing characteristics
- Regularly audit callback dispatch logs against the sender allowlist configuration
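The indicators, detection strategies and monitoring recommendations above all reduce to one correlation: every action handler execution should be preceded by a completed, successful sender validation for the same callback, from a sender on the allowlist. The following is an added JavaScript example (not OpenClaw's code; OpenClaw's real log format is not documented on this page) that runs that correlation over a constructed log. The line format with AUTHZ and DISPATCH events sharing a callback id, the sample lines and the allowlist are all hypothetical.

```javascript
// Added example, not OpenClaw's code: a log-correlation check for the
// indicators the advisory lists. It assumes a hypothetical line format with
// two event kinds, AUTHZ (sender validation completed, with its result) and
// DISPATCH (action handler invoked), sharing a callback id. The format, the
// sample lines and the allowlist below are constructed for the illustration.

const LINE_RE =
  /^(\S+)\s+(AUTHZ|DISPATCH)\s+cb=(\S+)\s+sender=(\S+)\s+(?:result|action)=(\S+)$/;

// Parses one line into an event object, or returns null for lines that do
// not match the expected format (they are skipped rather than crashing).
function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  const [, ts, kind, cb, sender, value] = m;
  return kind === 'AUTHZ'
    ? { ts, kind, cb, sender, result: value }
    : { ts, kind, cb, sender, action: value };
}

// Walks the log in order and reports each DISPATCH that is not preceded by an
// AUTHZ result=allowed for the same callback id, plus any dispatch whose
// sender is outside the configured allowlist. Findings are returned rather
// than printed so they can feed an alerting pipeline.
function findUnauthorizedDispatches(lines, allowlist) {
  const verdicts = new Map(); // callback id -> completed validation result
  const findings = [];
  for (const line of lines) {
    const ev = parseLine(line);
    if (!ev) continue;
    if (ev.kind === 'AUTHZ') {
      verdicts.set(ev.cb, ev.result);
      continue;
    }
    const reasons = [];
    const verdict = verdicts.get(ev.cb);
    if (verdict === undefined) {
      // No validation had completed when the handler ran: the ordering
      // anomaly the advisory describes.
      reasons.push('dispatched before validation completed');
    } else if (verdict !== 'allowed') {
      reasons.push(`dispatched despite result=${verdict}`);
    }
    if (!allowlist.has(ev.sender)) reasons.push('sender not in allowlist');
    if (reasons.length) {
      findings.push({ ts: ev.ts, cb: ev.cb, sender: ev.sender, action: ev.action, reasons });
    }
  }
  return findings;
}

// Constructed sample log: cb=41 is a normal allowed flow, cb=42 is dispatched
// before its (later, denied) validation, cb=43 is dispatched after a denial.
const SAMPLE_LOG = [
  '2026-04-11T10:00:00Z AUTHZ cb=41 sender=alice result=allowed',
  '2026-04-11T10:00:00Z DISPATCH cb=41 sender=alice action=restartService',
  '2026-04-11T10:00:01Z DISPATCH cb=42 sender=mallory action=restartService',
  '2026-04-11T10:00:01Z AUTHZ cb=42 sender=mallory result=denied',
  '2026-04-11T10:00:02Z AUTHZ cb=43 sender=bob result=denied',
  '2026-04-11T10:00:02Z DISPATCH cb=43 sender=bob action=exportData',
  'garbage line that does not parse',
];
const SAMPLE_ALLOWLIST = new Set(['alice', 'bob', 'ops-bot']); // constructed

console.log(JSON.stringify(findUnauthorizedDispatches(SAMPLE_LOG, SAMPLE_ALLOWLIST), null, 2));
```

Two design points carry over to a real deployment: the check is keyed on a per-callback identifier rather than on the sender alone, because the advisory's failure mode is a dispatch that happens before validation for that specific callback completes, and an allowlisted sender with a denied or missing verdict is still reported, so the allowlist audit and the ordering check are independent signals.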
How to Mitigate CVE-2026-35652
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.22 or later immediately
- Review callback dispatch logs for any evidence of prior exploitation attempts
- Verify that sender allowlists are properly configured and restrict access to only trusted senders
- Consider temporarily disabling interactive callback features if immediate patching is not possible
Patch Information
OpenClaw has released security patches that address this authorization bypass vulnerability. The patches ensure that sender authorization validation completes before any action handlers are dispatched. Apply the following updates:
- Update to OpenClaw version 2026.3.22 or later
- Review the GitHub Commit Fix for implementation details
- Additional changes are documented in the GitHub Commit Update
For complete details, refer to the official GitHub Security Advisory GHSA-8883 and the VulnCheck Advisory on OpenClaw.
Workarounds
- Restrict network access to the callback dispatch interface using firewall rules or network segmentation
- Implement additional authentication layers in front of the OpenClaw service
- Configure strict sender allowlists and reduce the number of authorized senders to the minimum necessary
- Deploy a web application firewall (WAF) with custom rules to validate callback request sources before they reach OpenClaw
# Example: Restrict callback dispatch access via iptables
# The port (3000) is a placeholder; substitute the port the OpenClaw service actually listens on
# Allow only trusted IP ranges to access the OpenClaw callback port
iptables -A INPUT -p tcp --dport 3000 -s 10.0.0.0/8 -j ACCEPT
# Drop everything else to that port; the ACCEPT rule must be evaluated before this DROP
iptables -A INPUT -p tcp --dport 3000 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.