CVE-2026-35643

Published April 10th, 2026

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context.

openclaw/openclaw

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

GitHub

380K