CVE-2026-35662 Overview
CVE-2026-35662 is a Missing Authorization vulnerability affecting OpenClaw, a Node.js package. The vulnerability exists because OpenClaw versions prior to 2026.3.22 fail to enforce controlScope restrictions on the send action. This flaw allows leaf subagents to send messages to controlled child sessions beyond their authorized scope, effectively bypassing intended access control restrictions.
Critical Impact
Attackers with low privileges can exploit this vulnerability to communicate with child sessions without proper scope validation, bypassing authorization controls designed to restrict inter-session messaging.
Affected Products
- OpenClaw versions prior to 2026.3.22
- OpenClaw Node.js package (all affected versions)
Discovery Timeline
- 2026-04-10 - CVE-2026-35662 published to NVD
- 2026-04-13 - Last updated in NVD database
Technical Details for CVE-2026-35662
Vulnerability Analysis
This vulnerability is classified as CWE-862 (Missing Authorization). The core issue lies in the inadequate enforcement of controlScope restrictions within OpenClaw's send action handler. When a leaf subagent invokes the send action, the system fails to validate whether the target child session falls within the subagent's authorized scope boundaries.
The vulnerability is exploitable over the network and requires low privileges to execute. No user interaction is required, but the impact is limited to integrity violations, namely unauthorized message delivery to controlled sessions; there is no direct impact on confidentiality or availability.
Root Cause
The root cause is a missing authorization check in the send action implementation. When processing send requests from leaf subagents, the code path responsible for validating controlScope boundaries is either bypassed or not properly implemented. This allows subagents to reference and communicate with child sessions that should be outside their authorized control scope.
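As an added illustration (not OpenClaw's code), the following hypothetical Node.js send handler shows the shape of the missing check: a constructed session tree with an assumed controlScope attribute, the unchecked send path, and the hardened path that authorizes the target before delivery and records denials. The session names, the controlScope values and the helper functions are assumptions for the example.

```javascript
// Added example, not OpenClaw's code: a hypothetical session tree and the
// controlScope check the advisory says the send action failed to enforce.
// Assumed controlScope semantics: "subtree" = any descendant, "children" =
// direct children only, "none" = leaf subagent that controls nothing.
const SESSIONS = { // constructed sample tree
  main:      { parent: null,    controlScope: "subtree" },
  "sub-a":   { parent: "main",  controlScope: "children" },
  "sub-a-1": { parent: "sub-a", controlScope: "none" },
  "sub-a-2": { parent: "sub-a", controlScope: "none" },
  "sub-b":   { parent: "main",  controlScope: "none" },
};
// True if ancestorId appears on candidateId's parent chain.
function isDescendant(sessions, candidateId, ancestorId) {
  const seen = new Set();
  let current = sessions[candidateId];
  while (current && current.parent !== null) {
    if (seen.has(current.parent)) return false; // malformed cycle: deny
    seen.add(current.parent);
    if (current.parent === ancestorId) return true;
    current = sessions[current.parent];
  }
  return false;
}
// The authorization decision: is targetId inside callerId's controlScope?
function isInControlScope(sessions, callerId, targetId) {
  const caller = sessions[callerId];
  const target = sessions[targetId];
  if (!caller || !target || callerId === targetId) return false;
  if (caller.controlScope === "subtree") return isDescendant(sessions, targetId, callerId);
  if (caller.controlScope === "children") return target.parent === callerId;
  return false; // "none" or an unknown scope: deny by default
}
// Vulnerable shape (CWE-862): target resolved and message delivered, scope never consulted.
function sendUnchecked(sessions, callerId, targetId, text, outbox) {
  if (!sessions[targetId]) throw new Error(`unknown session ${targetId}`);
  outbox.push({ from: callerId, to: targetId, text });
  return true;
}
// Hardened shape: authorize first and record denials, which gives log reviewers
// the cross-scope send attempts the detection section looks for.
function sendChecked(sessions, callerId, targetId, text, outbox, auditLog) {
  if (!sessions[targetId]) throw new Error(`unknown session ${targetId}`);
  if (!isInControlScope(sessions, callerId, targetId)) {
    auditLog.push(`DENY send from=${callerId} to=${targetId}`);
    return false;
  }
  outbox.push({ from: callerId, to: targetId, text });
  return true;
}
```

With this tree, a leaf subagent such as sub-a-1 sending to its sibling sub-a-2 succeeds on the unchecked path and is denied (and logged) on the checked path.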
Attack Vector
An attacker with access to a leaf subagent within the OpenClaw system can exploit this vulnerability by crafting send action requests targeting child sessions outside their authorized controlScope. The attack requires:
- Access to a legitimate leaf subagent within the OpenClaw environment
- Knowledge of target child session identifiers
- Ability to invoke the send action through the subagent interface
The vulnerability allows the attacker to bypass session isolation boundaries, potentially enabling unauthorized command execution or data manipulation within child sessions that should be inaccessible to the compromised subagent.
Detection Methods for CVE-2026-35662
Indicators of Compromise
- Unusual send action requests from leaf subagents targeting sessions outside their normal control scope
- Unexpected inter-session communication patterns in OpenClaw logs
- Subagent activities involving child sessions that are not part of their configured controlScope
Detection Strategies
- Monitor OpenClaw application logs for send action requests that cross controlScope boundaries
- Implement audit logging for all inter-session messaging to identify anomalous patterns
- Review subagent activity logs for attempts to access sessions beyond authorized scope
Monitoring Recommendations
- Enable verbose logging for send actions within OpenClaw deployments
- Configure alerting for send action requests that would violate controlScope restrictions
- Regularly audit subagent permissions and their associated control scope configurations
How to Mitigate CVE-2026-35662
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.22 or later immediately
- Review subagent configurations to ensure controlScope is properly defined
- Audit recent logs for any suspicious send action activity that may indicate exploitation attempts
Patch Information
The OpenClaw maintainers have addressed this vulnerability through security patches. Two commits have been released to fix the missing authorization check:
For complete details, refer to the GitHub Security Advisory GHSA-x2cm-hg9c-mf5w.
Workarounds
- Restrict network access to OpenClaw instances to trusted environments only
- Implement additional application-layer authorization checks before processing send actions
- Consider deploying network segmentation to limit the exposure of OpenClaw deployments
# Upgrade OpenClaw to the patched version (an explicit version with npm install pins it; npm update only moves within the existing semver range)
npm install openclaw@2026.3.22
# Verify the installed version
npm list openclaw
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

