CVE-2026-35661 Overview
CVE-2026-35661 is an authorization bypass vulnerability in OpenClaw, a Node.js application, affecting versions prior to 2026.3.25. The vulnerability exists in the Telegram callback query handling mechanism, which allows attackers to mutate session state without satisfying normal DM (Direct Message) pairing requirements. By exploiting weaker callback-only authorization in direct messages, remote attackers can bypass DM pairing controls and modify session state.
Critical Impact
Remote attackers can exploit this authorization bypass to manipulate session state without proper authentication, potentially leading to unauthorized actions within Telegram bot integrations.
Affected Products
- OpenClaw versions prior to 2026.3.25
- OpenClaw for Node.js
Discovery Timeline
- 2026-04-10 - CVE-2026-35661 published to NVD
- 2026-04-13 - Last updated in NVD database
Technical Details for CVE-2026-35661
Vulnerability Analysis
This vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel). The core issue lies in how OpenClaw handles authorization for Telegram callback queries in direct message contexts versus group contexts.
The application implements different authorization modes depending on the context of the Telegram interaction. Prior to the patch, callback queries received in direct messages were processed with a less restrictive authorization mode (callback-allowlist or callback-scope) compared to the standard DM command authorization requirements. This inconsistency created an alternate path that attackers could exploit to bypass the normal DM pairing security gate.
The attack vector is network-based and requires no user interaction or special privileges, making it accessible to remote attackers who can send crafted callback queries through Telegram's bot API.
Root Cause
The root cause of this vulnerability is the failure to enforce consistent authorization checks for callback queries in DM contexts. The conditional logic that determined the authorizationMode did not account for whether the callback originated from a group chat or a direct message, allowing DM callbacks to bypass the sender authorization gate that normally protects DM commands.
Attack Vector
An attacker can exploit this vulnerability by:
- Initiating interaction with the OpenClaw Telegram bot in a direct message context
- Sending crafted callback queries that trigger the weaker authorization path
- Manipulating session state without meeting the standard DM pairing requirements
- Potentially performing unauthorized actions or state modifications within the bot's session management
The following patch demonstrates the security fix implemented in OpenClaw:
}
const senderId = callback.from?.id ? String(callback.from.id) : "";
const senderUsername = callback.from?.username ?? "";
+ // DM callbacks must enforce the same sender authorization gate as normal DM commands.
const authorizationMode: TelegramEventAuthorizationMode =
- !execApprovalButtonsEnabled && inlineButtonsScope === "allowlist"
+ !isGroup || (!execApprovalButtonsEnabled && inlineButtonsScope === "allowlist")
? "callback-allowlist"
: "callback-scope";
const senderAuthorization = authorizeTelegramEventSender({
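Review bot: `isGroup` is used in the new condition but is not defined anywhere in the visible hunk; confirm it is derived from the callback's chat type before this point and is a strict boolean, because an `undefined` value would make `!isGroup` true and route group callbacks onto the allowlist gate as well (fail-closed, but a behaviour change worth covering). A regression test asserting that a DM callback with `execApprovalButtonsEnabled` set resolves to `"callback-allowlist"` would pin the fix, since that is exactly the case the old predicate sent to `"callback-scope"`.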
Source: GitHub Commit
The fix adds the !isGroup condition to ensure that DM callbacks enforce the same sender authorization gate as normal DM commands, closing the authorization bypass path.
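To make the alternate path concrete, the following added example (not OpenClaw's code) models the `authorizationMode` selection before and after the fix, enumerates every input combination to show that only DM contexts change, and adds a simplified sender gate; the `CallbackContext` shape, the `"all"` scope value and the `senderAllowed` gate are assumptions.

```typescript
// Added example (not OpenClaw's code): authorizationMode selection before/after the
// CVE-2026-35661 fix. Field names follow the patch hunk; everything else is assumed.
type TelegramEventAuthorizationMode = "callback-allowlist" | "callback-scope";

interface CallbackContext {
  isGroup: boolean;                          // false for a direct message
  execApprovalButtonsEnabled: boolean;
  inlineButtonsScope: "allowlist" | "all";   // "all" is an assumed second value
}

interface ModeDiff extends CallbackContext {
  before: TelegramEventAuthorizationMode;
  after: TelegramEventAuthorizationMode;
}

// Pre-patch predicate: DM and group callbacks were treated identically.
function selectModeVulnerable(ctx: CallbackContext): TelegramEventAuthorizationMode {
  return !ctx.execApprovalButtonsEnabled && ctx.inlineButtonsScope === "allowlist"
    ? "callback-allowlist"
    : "callback-scope";
}

// Post-patch predicate: every DM callback is forced onto the allowlist gate.
function selectModePatched(ctx: CallbackContext): TelegramEventAuthorizationMode {
  return !ctx.isGroup || (!ctx.execApprovalButtonsEnabled && ctx.inlineButtonsScope === "allowlist")
    ? "callback-allowlist"
    : "callback-scope";
}

// Simplified model of the downstream gate (assumption): allowlist mode requires a
// paired sender, scope mode relies only on the button-scope check already passed.
function senderAllowed(mode: TelegramEventAuthorizationMode, senderId: string, paired: Set<string>): boolean {
  return mode === "callback-scope" || paired.has(senderId);
}

// Enumerate all input combinations and return those where the fix changes the mode.
function diffModes(): ModeDiff[] {
  const out: ModeDiff[] = [];
  for (const isGroup of [false, true]) {
    for (const execApprovalButtonsEnabled of [false, true]) {
      for (const inlineButtonsScope of ["allowlist", "all"] as const) {
        const ctx: CallbackContext = { isGroup, execApprovalButtonsEnabled, inlineButtonsScope };
        const before = selectModeVulnerable(ctx);
        const after = selectModePatched(ctx);
        if (before !== after) out.push({ ...ctx, before, after });
      }
    }
  }
  return out;
}
```

Running `diffModes()` yields three entries, all with `isGroup: false`, moving from `"callback-scope"` to `"callback-allowlist"`; group contexts are unchanged.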
Detection Methods for CVE-2026-35661
Indicators of Compromise
- Unusual callback query patterns in Telegram bot logs originating from DM contexts
- Session state modifications occurring without corresponding DM pairing events
- Unexpected authorization mode assignments in bot-handlers.runtime.ts execution logs
- Anomalous user activity showing session manipulation without proper authentication flow
Detection Strategies
- Monitor Telegram bot callback query logs for authorization mode inconsistencies between DM and group contexts
- Implement logging to track authorizationMode assignments and flag instances where DM callbacks use callback-scope without proper pairing
- Review application logs for session state changes that lack corresponding DM pairing verification events
- Deploy runtime monitoring to detect unauthorized session mutations in the Telegram integration layer
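The second and third strategies above can be combined into one correlation pass; the following added example (not OpenClaw's code) replays constructed audit events and flags DM callbacks that ran in `callback-scope` mode or DM session mutations with no earlier pairing event for that sender. The event shape, field names and sample log are assumptions; OpenClaw's real log format may differ.

```typescript
// Added example (not OpenClaw's code): correlates constructed bot audit events to
// surface DM callback/session activity that bypassed pairing. Event shape is assumed.
type ChatType = "private" | "group" | "supergroup";

interface BotEvent {
  ts: number;
  kind: "pairing_ok" | "callback" | "session_mutation";
  chatType: ChatType;
  senderId: string;
  authorizationMode?: "callback-allowlist" | "callback-scope"; // present on callback events
}

interface Finding { ts: number; senderId: string; reason: string }

function detectDmBypass(lines: string[]): Finding[] {
  const paired = new Set<string>();          // senders with a completed DM pairing
  const findings: Finding[] = [];
  const events = lines.map((l) => JSON.parse(l) as BotEvent).sort((a, b) => a.ts - b.ts);
  for (const ev of events) {
    if (ev.kind === "pairing_ok") { paired.add(ev.senderId); continue; }
    if (ev.chatType !== "private") continue;  // group path was already gated correctly
    if (ev.kind === "callback" && ev.authorizationMode === "callback-scope") {
      findings.push({ ts: ev.ts, senderId: ev.senderId, reason: "DM callback used callback-scope mode" });
    }
    if (ev.kind === "session_mutation" && !paired.has(ev.senderId)) {
      findings.push({ ts: ev.ts, senderId: ev.senderId, reason: "DM session mutation without prior pairing" });
    }
  }
  return findings;
}

// Constructed sample log: sender 1001 paired normally; sender 2002 never paired.
const SAMPLE_LOG: string[] = [
  '{"ts":1,"kind":"pairing_ok","chatType":"private","senderId":"1001"}',
  '{"ts":2,"kind":"callback","chatType":"private","senderId":"1001","authorizationMode":"callback-allowlist"}',
  '{"ts":3,"kind":"session_mutation","chatType":"private","senderId":"1001"}',
  '{"ts":4,"kind":"callback","chatType":"private","senderId":"2002","authorizationMode":"callback-scope"}',
  '{"ts":5,"kind":"session_mutation","chatType":"private","senderId":"2002"}',
  '{"ts":6,"kind":"callback","chatType":"group","senderId":"3003","authorizationMode":"callback-scope"}',
];
```

On the sample log this reports two findings, both for sender 2002; the group callback at ts 6 is deliberately ignored because the group path was never affected.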
Monitoring Recommendations
- Enable verbose logging for the Telegram bot handler component (extensions/telegram/src/bot-handlers.runtime.ts)
- Set up alerts for session state modifications that occur outside normal authorization workflows
- Monitor for patterns of repeated callback queries from the same sender in DM contexts without successful pairing
- Implement audit logging for all authorization mode decisions in the Telegram integration
How to Mitigate CVE-2026-35661
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.25 or later immediately
- Review Telegram bot logs for any suspicious callback query activity prior to patching
- Audit session state integrity to identify any unauthorized modifications
- Consider temporarily disabling Telegram DM interactions if immediate patching is not possible
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.3.25. The security patch is available through the GitHub Commit. For detailed information about the vulnerability, refer to the GitHub Security Advisory and the VulnCheck Advisory.
Workarounds
- Disable inline button callback functionality in DM contexts until patching is complete
- Implement additional authorization checks at the application layer for Telegram callback queries
- Restrict Telegram bot interactions to group contexts only where the authorization logic was already properly enforced
- Apply network-level controls to limit access to the Telegram bot integration endpoints
# Upgrade OpenClaw to the patched version (npm update does not accept a version
# specifier; npm install with an explicit version pins the release)
npm install openclaw@2026.3.25
# Verify the installed version
npm list openclaw
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.