Vulnerabilities

CVE-2026-35642

by Fred · 09/04/2026

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted.

More information : https://github.com/openclaw/openclaw/commit/f8c98630785288cc1f1d0893503ef3b653a3cede

Similar

Tags: Cybersecurity Alert