Medium severity 4.2 · NVD Advisory · Published Apr 9, 2026 · Updated Apr 16, 2026
CVE-2026-35617
Description
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.3.28 | 2026.3.28 |
References
- github.com/openclaw/openclaw/commit/11ea1f67863d88b6cbcb229dd368a45e07094bff (NVD; Patch; Web)
- github.com/advisories/GHSA-52q4-3xjc-6778 (GHSA; Advisory)
- github.com/openclaw/openclaw/security/advisories/GHSA-52q4-3xjc-6778 (NVD; Vendor Advisory; Web)
- nvd.nist.gov/vuln/detail/CVE-2026-35617 (GHSA; Advisory)
- www.vulncheck.com/advisories/openclaw-authorization-bypass-via-group-policy-rebinding-with-mutable-space-displayname (NVD; Third Party Advisory; Web)