CVE-2026-35659 Overview
OpenClaw before version 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious discovery metadata.
This vulnerability is classified as CWE-345 (Insufficient Verification of Data Authenticity), indicating that the affected software fails to properly verify that data claiming to be from a trusted source actually originates from that source.
Critical Impact
Attackers on an adjacent network can manipulate service discovery metadata to redirect CLI gateway routing to malicious endpoints, potentially enabling man-in-the-middle attacks or service impersonation without requiring authentication.
Affected Products
- OpenClaw versions prior to 2026.3.22 (Node.js)
- OpenClaw CLI gateway discovery components
- OpenClaw Bonjour/DNS-SD integration modules
Discovery Timeline
- 2026-04-10 - CVE-2026-35659 published to NVD
- 2026-04-13 - Last updated in NVD database
Technical Details for CVE-2026-35659
Vulnerability Analysis
The vulnerability exists in OpenClaw's gateway discovery mechanism, specifically in how the CLI handles service endpoint resolution via Bonjour and DNS-SD protocols. When a service discovery operation returns TXT record metadata but fails to successfully resolve the actual service endpoint, the application would still use the unresolved metadata to influence routing decisions.
This creates a dangerous condition where an attacker on the adjacent network can broadcast malicious service discovery advertisements containing crafted TXT metadata. Even though the advertised service may not resolve to a valid endpoint, the metadata would still be processed and could redirect traffic to attacker-controlled destinations.
The core issue lies in the application's failure to enforce a "fail closed" security posture: instead of rejecting routing decisions when endpoint resolution fails, it continued to trust and act upon the metadata hints from unverified sources.
Root Cause
The root cause is insufficient verification of data authenticity (CWE-345) in the service discovery workflow. The resolveCommandAuthorization function and related gateway discovery components did not properly validate that service endpoints were fully resolved before using associated metadata for routing decisions. The application trusted TXT record metadata from Bonjour and DNS-SD broadcasts without confirming that the advertised services could actually be contacted and verified.
Attack Vector
The attack requires adjacent network access, meaning the attacker must be on the same local network segment as the victim. The attack flow involves:
- Attacker broadcasts malicious Bonjour/DNS-SD service advertisements on the local network
- Advertisements contain crafted TXT metadata pointing to attacker-controlled endpoints
- The advertised service endpoints fail to resolve or point to non-existent services
- OpenClaw CLI processes the unresolved metadata hints
- Routing decisions are influenced by the malicious metadata
- User traffic is redirected to attacker-controlled destinations
The attack requires some user interaction to trigger the vulnerable discovery mechanism.
The security patch introduces explicit validation using pickResolvedGatewayHost and pickResolvedGatewayPort functions to ensure endpoints are fully resolved before being trusted:
-import type { GatewayBonjourBeacon } from "../../infra/bonjour-discovery.js";
+import {
+ type GatewayBonjourBeacon,
+ pickResolvedGatewayHost,
+ pickResolvedGatewayPort,
+} from "../../infra/bonjour-discovery.js";
import { colorize, theme } from "../../terminal/theme.js";
import { parseTimeoutMsWithFallback } from "../parse-timeout.js";
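Review bot: this excerpt stops at the import change, so the fail-closed behaviour cannot be confirmed from it; the hunk turns the type-only import of `GatewayBonjourBeacon` into a value import that also brings in `pickResolvedGatewayHost` and `pickResolvedGatewayPort`, but the call sites where these helpers replace the TXT-derived host and port are not shown. Suggest quoting (or linking) the hunk in which the resolved values are substituted for the metadata hints, plus a test case with a beacon that carries TXT metadata but no resolved address, since that is exactly the input the advisory says used to steer routing. Minor: the inline `type` modifier inside the import list requires TypeScript 4.5 or later, so the toolchain floor should be checked.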
Source: GitHub Commit Changes
Detection Methods for CVE-2026-35659
Indicators of Compromise
- Unexpected Bonjour/DNS-SD service advertisements on the local network with suspicious TXT metadata
- CLI gateway connections attempting to reach unusual or unauthorized endpoints
- Service discovery logs showing resolution failures followed by routing decisions
- Network traffic to unexpected destinations from OpenClaw CLI processes
Detection Strategies
- Monitor local network traffic for anomalous Bonjour/mDNS broadcasts advertising OpenClaw-related services
- Implement network segmentation to limit exposure to adjacent network attacks
- Review OpenClaw CLI logs for service discovery failures that still result in routing decisions
- Deploy network intrusion detection rules to identify malicious service advertisement patterns
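The "resolution failure followed by a routing decision" indicator above, as an added detection sketch that is not OpenClaw's code: the log line layout, event names and field names are constructed assumptions, so the regular expression must be adapted to the real gateway discovery log output.

```typescript
// Added detection sketch (not OpenClaw's code). The log line format is a constructed
// assumption; adapt LINE_RE to the real gateway discovery log output.
interface DiscoveryEvent {
  ts: number;                           // epoch milliseconds
  kind: "resolve_failed" | "routed";
  service: string;                      // advertised service instance name
  detail: string;                       // error text, or the chosen endpoint
}

// Constructed sample log lines: "<iso time> <event> service=<name> <detail>".
const SAMPLE_LOG: string[] = [
  "2026-04-01T10:00:00.000Z discovery.resolve service=gw-a result=ok host=192.0.2.10",
  "2026-04-01T10:00:00.050Z gateway.route service=gw-a target=192.0.2.10:18789",
  "2026-04-01T10:05:00.000Z discovery.resolve service=gw-b result=failed error=timeout",
  "2026-04-01T10:05:00.020Z gateway.route service=gw-b target=203.0.113.7:8443",
];

const LINE_RE = /^(\S+) (discovery\.resolve|gateway\.route) service=(\S+) (.*)$/;

function parseLine(line: string): DiscoveryEvent | null {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, iso, event, service, detail] = m;
  const ts = Date.parse(iso);
  if (Number.isNaN(ts)) return null;
  if (event === "discovery.resolve") {
    // A successful resolve is not part of the suspicious sequence.
    if (!detail.includes("result=failed")) return null;
    return { ts, kind: "resolve_failed", service, detail };
  }
  return { ts, kind: "routed", service, detail };
}

// Flag a routing decision that follows a failed resolve of the same service within
// windowMs: routing on an unresolved advertisement is the behaviour the advisory describes.
function findUnresolvedRoutes(lines: string[], windowMs = 5000): string[] {
  const lastFailure = new Map<string, number>();
  const findings: string[] = [];
  for (const line of lines) {
    const ev = parseLine(line);
    if (!ev) continue;
    if (ev.kind === "resolve_failed") { lastFailure.set(ev.service, ev.ts); continue; }
    const failedAt = lastFailure.get(ev.service);
    if (failedAt !== undefined && ev.ts - failedAt <= windowMs) {
      findings.push(`${ev.service}: routed (${ev.detail}) ${ev.ts - failedAt}ms after resolve failure`);
    }
  }
  return findings;
}
```

Against the sample above only `gw-b` is flagged: its route was chosen 20 ms after resolution failed, whereas `gw-a` resolved successfully before being routed.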
Monitoring Recommendations
- Enable verbose logging for OpenClaw gateway discovery operations
- Monitor for unauthorized mDNS/DNS-SD traffic on ports 5353 (mDNS) and related service discovery ports
- Implement alerting on gateway connections to endpoints not in an approved allowlist
- Audit network for devices broadcasting suspicious service advertisements
How to Mitigate CVE-2026-35659
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.23 or later immediately
- Review network access controls to limit adjacent network attack surface
- Audit existing gateway configurations for unauthorized endpoint entries
- Consider disabling automatic service discovery until patched
Patch Information
OpenClaw has released security patches that implement a "fail closed" approach for unresolved discovery endpoints. The fix ensures that gateway host and port values are explicitly validated using the new pickResolvedGatewayHost and pickResolvedGatewayPort helper functions before being used for routing decisions.
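The unresolved-hint bug from the Vulnerability Analysis and the fail-closed fix described here, as an added illustration that is not OpenClaw's code: the beacon type, its field names and the bodies of pickResolvedGatewayHost and pickResolvedGatewayPort are hypothetical reconstructions, not the project's implementation.

```typescript
// Added illustration (not OpenClaw's code): the bug class and its fail-closed fix.
// The beacon shape, field names and helper bodies are assumptions.

// What a Bonjour/DNS-SD browse step hands back: TXT key/value hints plus whatever the
// resolve step established (host/port are absent when resolution failed).
interface DiscoveredBeacon {
  name: string;
  txt: Record<string, string>;   // e.g. { gatewayHost: "...", gatewayPort: "..." }
  resolvedHost?: string;          // only set when the service resolved to an address
  resolvedPort?: number;
}

interface GatewayTarget { host: string; port: number }

// VULNERABLE pattern: TXT hints fill in whatever resolution did not provide, so an
// advertisement that never resolved still steers the routing decision.
function pickGatewayVulnerable(beacon: DiscoveredBeacon): GatewayTarget | null {
  const host = beacon.resolvedHost ?? beacon.txt.gatewayHost;
  const port = beacon.resolvedPort ?? Number(beacon.txt.gatewayPort);
  if (!host || !Number.isInteger(port)) return null;
  return { host, port };
}

// Hypothetical reconstructions of the helpers named in the advisory: they accept only
// values produced by successful resolution, never TXT metadata on its own.
function pickResolvedGatewayHost(beacon: DiscoveredBeacon): string | null {
  const host = beacon.resolvedHost?.trim();
  return host ? host : null;
}
function pickResolvedGatewayPort(beacon: DiscoveredBeacon): number | null {
  const port = beacon.resolvedPort;
  return typeof port === "number" && Number.isInteger(port) && port > 0 && port <= 65535
    ? port : null;
}

// FAIL-CLOSED pattern: without a fully resolved endpoint there is no routing decision.
function pickGatewayFailClosed(beacon: DiscoveredBeacon): GatewayTarget | null {
  const host = pickResolvedGatewayHost(beacon);
  const port = pickResolvedGatewayPort(beacon);
  if (host === null || port === null) return null;
  return { host, port };
}

// Constructed sample: TXT hints name an endpoint, but the service never resolved.
const unresolvedBeacon: DiscoveredBeacon = {
  name: "OpenClaw Gateway._openclaw._tcp.local",
  txt: { gatewayHost: "203.0.113.7", gatewayPort: "8443" },
};
```

With the sample beacon the vulnerable selector follows the TXT hint to 203.0.113.7:8443, while the fail-closed selector returns null and the CLI has to fall back to explicit configuration.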
Patch commits are available:
For detailed information, see the GitHub Security Advisory.
Workarounds
- Disable Bonjour/DNS-SD service discovery by configuring static gateway endpoints
- Implement network segmentation to isolate OpenClaw deployments from untrusted adjacent networks
- Use explicit gateway configuration instead of relying on automatic discovery
- Deploy firewall rules to block mDNS traffic from untrusted network segments
# Configuration example: disable automatic discovery and use a static gateway
# Shell environment variables read by the OpenClaw CLI (set them in the shell profile or service definition that launches it)
export OPENCLAW_GATEWAY_HOST="trusted-gateway.internal.domain"
export OPENCLAW_GATEWAY_PORT="8443"
export OPENCLAW_DISABLE_DISCOVERY="true"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

