CVE-2026-35647
Published
CVSS v3
5.3
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access validation before message transmission.
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
GitHub