VYPR
Medium severity5.4NVD Advisory· Published May 29, 2026· Updated Jun 1, 2026

CVE-2026-34507

CVE-2026-34507

Description

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have blocked.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • OpenClaw/Openclawinferred3 versions
    <2026.4.29+ 2 more
    • (no CPE)range: <2026.4.29
    • cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*range: <2026.4.29
    • (no CPE)range: <2026.4.29

Patches

Vulnerability mechanics

References

2

News mentions

1