VYPR
High severity8.0NVD Advisory· Published May 29, 2026· Updated Jun 1, 2026

CVE-2026-35630

CVE-2026-35630

Description

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OpenClaw/Openclawinferred2 versions
    <2026.5.18+ 1 more
    • (no CPE)range: <2026.5.18
    • (no CPE)range: <2026.5.18

Patches

Vulnerability mechanics

References

2

News mentions

1