CVE-2026-35664 Overview
OpenClaw before version 2026.3.25 contains an authentication bypass vulnerability in the raw card send surface that allows unpaired recipients to mint legacy callback payloads. This vulnerability enables attackers to send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization, potentially compromising the integrity of the messaging system.
Critical Impact
Attackers can bypass DM pairing restrictions using raw card commands, enabling unauthorized access to callback handling functionality and potentially allowing message manipulation or unauthorized actions within the OpenClaw platform.
Affected Products
- OpenClaw versions prior to 2026.3.25
- OpenClaw Node.js package (openclaw:openclaw)
- Applications implementing OpenClaw's raw card send functionality
Discovery Timeline
- 2026-04-10 - CVE-2026-35664 published to NVD
- 2026-04-13 - Last updated in NVD database
Technical Details for CVE-2026-35664
Vulnerability Analysis
This vulnerability is classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). The flaw exists in OpenClaw's raw card send surface, where the application fails to properly validate whether a sender has been paired with a recipient before processing legacy callback payloads.
When raw card commands are processed, the vulnerable code path allows unpaired recipients to reach callback handling logic that should only be accessible to properly authenticated and paired users. This creates an alternate channel through which attackers can bypass the intended DM pairing security controls.
The network-accessible nature of this vulnerability means it can be exploited remotely without requiring any prior authentication or user interaction. However, the impact is limited to integrity violations, as attackers can manipulate the callback flow but cannot directly access confidential data or cause service disruption.
Root Cause
The root cause lies in insufficient authorization checks within the raw card command processing pipeline. The legacy callback mechanism was designed before the DM pairing security model was implemented, and the integration between these two systems lacks proper validation. Specifically, the callback handler processes payloads without verifying that the originating sender has completed the required pairing handshake with the intended recipient.
Attack Vector
The attack vector is network-based and exploits the raw card send surface. An attacker can craft malicious raw card commands containing specially constructed legacy callback payloads. By sending these commands directly to the vulnerable endpoint, the attacker bypasses the DM pairing verification that normally restricts who can initiate callbacks with a given recipient.
The attack flow involves:
- Identifying a target recipient within the OpenClaw system
- Constructing a raw card command with a legacy callback payload
- Sending the command through the raw card send surface
- The payload reaches callback handling without pairing verification
- The attacker gains unauthorized access to execute callbacks
For detailed technical information about the vulnerability mechanism, refer to the GitHub Security Advisory and VulnCheck Advisory.
Detection Methods for CVE-2026-35664
Indicators of Compromise
- Unusual raw card command traffic from unpaired or unknown sender identities
- Callback execution events where no corresponding DM pairing record exists
- Elevated volume of legacy callback payload submissions from single sources
- Authentication logs showing callback handler access without prior pairing handshake
Detection Strategies
- Implement logging for all raw card commands and correlate with DM pairing status
- Monitor callback handler invocations for requests originating from unpaired senders
- Deploy application-layer inspection to identify legacy callback payload patterns in raw card traffic
- Create alerts for callback executions that lack associated pairing verification events
Monitoring Recommendations
- Enable verbose logging on the raw card send surface to capture sender metadata
- Set up real-time alerting for any callback handling that bypasses the standard pairing flow
- Review authentication and authorization logs for anomalous patterns around callback endpoints
- Integrate OpenClaw logging with SIEM solutions for correlation and threat hunting
How to Mitigate CVE-2026-35664
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.25 or later immediately
- Review callback handler access logs to identify potential exploitation attempts
- Temporarily disable legacy callback functionality if immediate patching is not possible
- Implement network-level controls to restrict access to the raw card send surface
Patch Information
The OpenClaw maintainers have addressed this vulnerability in the security patch committed with hash 81c45976db532324b5a0918a70decc19520dc354. Organizations should update to OpenClaw version 2026.3.25 or later to receive the fix. The patch ensures that DM pairing verification is enforced before legacy callback payloads can be processed through the raw card send surface.
For detailed patch information, see the GitHub Commit and GitHub Security Advisory GHSA-77w2-crqv-cmv3.
Workarounds
- Disable the raw card send surface entirely if not required for business operations
- Implement application firewall rules to filter requests containing legacy callback payload patterns
- Deploy network segmentation to limit which systems can access the raw card send endpoint
- Add custom middleware to validate DM pairing status before raw card commands reach the callback handler
# Example: Update OpenClaw package to patched version
npm update openclaw@2026.3.25
# Verify installed version
npm list openclaw
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
