CVE-2026-35670 Overview
OpenClaw before version 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users. The vulnerability stems from the application's use of mutable username matching instead of stable numeric user identifiers when processing webhook-triggered replies. Attackers can exploit this flaw by manipulating username changes to redirect webhook-triggered replies to different users, effectively bypassing the intended recipient binding recorded in webhook events.
This vulnerability is classified as CWE-807: Reliance on Untrusted Inputs in a Security Decision, as the application improperly trusts mutable usernames for critical user identification decisions.
Critical Impact
Attackers with low-privilege access can redirect sensitive webhook reply messages to unintended recipients, potentially exposing confidential communications and bypassing message delivery controls in chat integrations.
Affected Products
- OpenClaw versions prior to 2026.3.22
- OpenClaw Node.js package (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*)
- OpenClaw webhook integration components
Discovery Timeline
- 2026-04-10 - CVE-2026-35670 published to NVD
- 2026-04-13 - Last updated in NVD database
Technical Details for CVE-2026-35670
Vulnerability Analysis
The vulnerability exists in OpenClaw's webhook reply delivery mechanism, specifically in how the application resolves user identities when processing incoming webhook events. Instead of using immutable numeric user identifiers (such as database primary keys or UUIDs), the application relies on mutable username strings to determine the recipient of webhook-triggered replies.
This design flaw creates a race condition scenario where an attacker can change their username to match that of another user between the time a webhook event is recorded and when the reply is delivered. The webhook system, trusting the username as a stable identifier, delivers the reply to the wrong user based on the current username resolution rather than the original intended recipient.
Root Cause
The root cause is the application's reliance on untrusted, mutable inputs (usernames) for security-critical decisions regarding message routing. Usernames are inherently changeable user-controlled values and should never be used as the sole identifier for message delivery in webhook systems. The proper approach is to use stable, system-generated numeric identifiers that remain constant throughout a user's lifecycle.
Attack Vector
The attack requires network access and low-privilege authentication. An attacker must have an account on the OpenClaw platform and the ability to change their username. The attack sequence involves:
- Monitoring for webhook events targeting a specific user
- Timing a username change to match the intended recipient's username
- Exploiting the resolution window to intercept webhook replies
- Receiving messages intended for the original user
The vulnerability does not require user interaction and can be exploited remotely over the network, though the attack complexity is considered high due to the timing requirements involved.
Detection Methods for CVE-2026-35670
Indicators of Compromise
- Unusual patterns of username changes, particularly rapid or frequent modifications
- Webhook reply messages delivered to users who were not the original intended recipients
- Audit log discrepancies showing mismatched user identifiers in webhook event chains
- User complaints about missing expected webhook notifications or receiving unexpected messages
Detection Strategies
- Implement monitoring for username change events, flagging accounts with abnormally high change frequencies
- Compare webhook event recipient identifiers against delivery logs to identify mismatches
- Deploy anomaly detection on message routing patterns to identify potential rebinding attacks
- Review webhook integration logs for evidence of timing-based exploitation attempts
Monitoring Recommendations
- Enable detailed audit logging for all username change operations with timestamps
- Monitor webhook delivery metrics for anomalous patterns in recipient resolution
- Implement alerting on multiple failed or redirected webhook deliveries for the same event
- Correlate username changes with subsequent webhook delivery events to identify suspicious activity
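The detection strategies and monitoring recommendations above, worked through as an added example (this is not OpenClaw's own tooling): one check compares the numeric recipient id recorded on each webhook event with the id the reply was actually delivered to, and a second flags accounts that rename themselves unusually often. The audit-log record shapes, field names and timestamps are constructed for the example.

```javascript
// Added detection sketch over a constructed audit log; record shapes and
// field names are hypothetical, adapt them to what your deployment logs.
const LOG = [
  { t: 100, type: 'webhook_event',    eventId: 'e1', recipientId: 1001, recipientName: 'alice' },
  { t: 105, type: 'username_change',  userId: 1001, from: 'alice',   to: 'alice_old' },
  { t: 106, type: 'username_change',  userId: 1002, from: 'mallory', to: 'alice' },
  { t: 110, type: 'webhook_delivery', eventId: 'e1', deliveredToId: 1002, deliveredToName: 'alice' },
  { t: 200, type: 'webhook_event',    eventId: 'e2', recipientId: 1003, recipientName: 'bob' },
  { t: 205, type: 'webhook_delivery', eventId: 'e2', deliveredToId: 1003, deliveredToName: 'bob' },
  { t: 300, type: 'username_change',  userId: 1002, from: 'alice',   to: 'm1' },
  { t: 310, type: 'username_change',  userId: 1002, from: 'm1',      to: 'm2' },
  { t: 320, type: 'username_change',  userId: 1002, from: 'm2',      to: 'm3' },
];

// Check 1: the numeric id on the webhook event must equal the delivered-to id.
// For each mismatch, list who took the delivered username between the two times.
function findRebindings(log) {
  const events = new Map(log.filter((r) => r.type === 'webhook_event').map((r) => [r.eventId, r]));
  const findings = [];
  for (const d of log.filter((r) => r.type === 'webhook_delivery')) {
    const ev = events.get(d.eventId);
    if (!ev || ev.recipientId === d.deliveredToId) continue;
    const renames = log.filter((c) => c.type === 'username_change' && c.to === d.deliveredToName
      && c.t >= ev.t && c.t <= d.t).map((c) => c.userId);
    findings.push({ eventId: d.eventId, expected: ev.recipientId, actual: d.deliveredToId, renamedBy: renames });
  }
  return findings;
}

// Check 2: accounts with more than `max` username changes inside any sliding
// window of `windowSec` seconds (the "rapid or frequent modifications" indicator).
function findRapidRenamers(log, max, windowSec) {
  const byUser = new Map();
  for (const c of log.filter((r) => r.type === 'username_change')) {
    if (!byUser.has(c.userId)) byUser.set(c.userId, []);
    byUser.get(c.userId).push(c.t);
  }
  const flagged = [];
  for (const [userId, times] of byUser) {
    times.sort((a, b) => a - b);
    for (let i = 0, j = 0; j < times.length; j++) {
      while (times[j] - times[i] > windowSec) i++;
      if (j - i + 1 > max) { flagged.push(userId); break; }
    }
  }
  return flagged;
}
console.log(findRebindings(LOG));        // e1: expected 1001, delivered to 1002
console.log(findRapidRenamers(LOG, 2, 60)); // [1002]
```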
How to Mitigate CVE-2026-35670
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.22 or later immediately
- Review webhook integration configurations for any signs of exploitation
- Audit recent username change logs for suspicious patterns
- Consider temporarily restricting username change frequency until patched
Patch Information
The OpenClaw development team has released patches addressing this vulnerability. Two commits have been published to remediate the issue:
For complete details on the vulnerability and remediation, refer to the GitHub Security Advisory GHSA-wv46-v6xc-2qhf.
Workarounds
- Implement rate limiting on username changes to reduce the attack window for exploitation
- Add server-side validation that cross-references numeric user IDs before delivering webhook replies
- Deploy additional authentication checks for webhook delivery to verify recipient identity
- Consider disabling webhook reply functionality temporarily until the patch can be applied
The recommended mitigation approach involves modifying webhook delivery logic to bind replies using immutable numeric user identifiers rather than usernames. Consult the security advisory for implementation guidance specific to your deployment configuration.
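The root cause described above and the recommended fix, shown side by side as an added example (not OpenClaw's code): a reply bound to a mutable username is re-resolved at delivery time and lands on whichever account holds that name by then, while a reply bound to the stable numeric id recorded at event time does not move. The user directory, event shapes and function names are hypothetical.

```javascript
// Added illustration, not OpenClaw's own code. Directory, event shapes and
// function names are hypothetical.

// Constructed user directory: numeric ids never change, usernames do.
function makeDirectory() {
  const users = new Map([
    [1001, { id: 1001, username: 'alice' }],
    [1002, { id: 1002, username: 'mallory' }],
  ]);
  return {
    byId: (id) => users.get(id),
    byUsername: (name) => [...users.values()].find((u) => u.username === name),
    rename: (id, newName) => { users.get(id).username = newName; },
  };
}

// Vulnerable pattern (what the advisory describes): the webhook event stores
// only the recipient's username, and delivery looks that name up again.
function recordByUsername(dir, userId) {
  return { replyTo: dir.byId(userId).username };
}
function deliverByUsername(dir, event) {
  const u = dir.byUsername(event.replyTo);
  return u ? u.id : null; // numeric id of the account that actually receives the reply
}

// Hardened pattern (the fix the advisory recommends): the event stores the
// numeric id at record time, and delivery never consults the username.
function recordById(dir, userId) {
  return { replyToUserId: dir.byId(userId).id };
}
function deliverById(dir, event) {
  const u = dir.byId(event.replyToUserId);
  return u ? u.id : null;
}

// Record a reply for user 1001, let usernames change before delivery, and
// return the id that receives it.
function simulate(record, deliver) {
  const dir = makeDirectory();
  const event = record(dir, 1001);
  dir.rename(1001, 'alice_old'); // the intended recipient's name changes
  dir.rename(1002, 'alice');     // another account now holds the old name
  return deliver(dir, event);
}

console.log(simulate(recordByUsername, deliverByUsername)); // 1002: reply rebound
console.log(simulate(recordById, deliverById));             // 1001: correct recipient
```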
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.