VYPR
Medium severity4.3NVD Advisory· Published Apr 9, 2026· Updated Apr 15, 2026

CVE-2026-35642

CVE-2026-35642

Description

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OpenClaw/Openclaw2 versions
    cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*+ 1 more
    • cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*range: <2026.3.25
    • (no CPE)range: < | version_range>

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.