CVE-2026-35648
Policy Bypass in OpenClaw Node Actions Enables Unauthorized Commands
Publication date: 2026-04-10
Last updated on: 2026-04-13
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | before 2026.3.22 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-35648 is a policy bypass vulnerability in OpenClaw versions before 2026.3.22. It occurs because queued node actions are not revalidated against the current command policy when they are delivered to a node, so a command that was allowed when it was queued but later disallowed by a policy tightening is still executed; an attacker can rely on a stale allowlist or command declaration to run unauthorized commands.
The vulnerability is related to a Time-of-check Time-of-use (TOCTOU) race condition where the system fails to check the validity of queued commands at the time of execution, leading to potential unauthorized actions.
How can this vulnerability impact me?
This vulnerability can allow attackers to execute unauthorized commands on nodes managed by OpenClaw by exploiting commands that were previously allowed but have since been disallowed by updated policies. This can lead to execution of harmful or disallowed actions that bypass current security controls.
Because queued actions are not revalidated at delivery time, the system's security policies can be effectively bypassed, increasing the risk of unauthorized access or control over affected nodes.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-35648, you should update OpenClaw to version 2026.3.22 or later, where the issue has been fixed.
The fix involves revalidating queued node actions against the current command policy at the time of delivery, ensuring that any commands no longer allowed by the updated policy are dropped and not executed.
- Apply the patch or upgrade to OpenClaw 2026.3.22 or newer.
- Verify that your system uses the updated code that includes the function `resolveAllowedPendingNodeActions` to filter pending node actions.
- Run regression tests similar to those added in the fix to confirm that disallowed queued actions are properly dropped.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in OpenClaw allows unauthorized commands to be executed due to queued node actions not being revalidated against the current command policy. This could potentially lead to unauthorized access or actions within a system.
While the provided information does not explicitly mention compliance with standards such as GDPR or HIPAA, the presence of unauthorized command execution could imply risks related to data integrity and security controls required by such regulations.
The fix introduced ensures that queued actions are revalidated against the current policy before execution, which strengthens enforcement of security policies and reduces the risk of unauthorized actions, thereby supporting compliance with security requirements common in standards like GDPR and HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves queued node actions in OpenClaw not being revalidated against the current command policy when delivered, allowing unauthorized commands to execute if stale allowlists persist.
To detect exploitation or presence of this vulnerability on your system, you should monitor queued node actions and verify whether they are being revalidated against the current command policy before execution.
Specifically, you can check the pending node actions queue and compare the commands in the queue against the current allowlist or declared commands for each node. If commands that should be disallowed are still queued or executed, this indicates the vulnerability is present.
Since the fix involves the function `resolveAllowedPendingNodeActions` filtering queued actions at delivery time, you can audit your OpenClaw version and confirm whether this function or equivalent revalidation logic is in place.
Regarding commands, while no explicit detection commands are provided in the resources, you can use OpenClaw's administrative or debugging interfaces to list pending node actions and their associated commands, then cross-check these against the current node command allowlist.
For example, if you have access to the OpenClaw server environment, you might run commands or scripts that invoke the listing of pending actions and verify their commands against the current policy. This could be done by inspecting logs or using OpenClaw's API or CLI tools if available.
If you observe queued commands such as "camera.snap" or "canvas.navigate" that have been removed from the allowlist but are still executed or delivered, this indicates the vulnerability is exploitable on your system.
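The check-then-use gap described under mitigation and the queue-versus-allowlist audit suggested for detection, as an added Python model that is not OpenClaw's own code: the data layout, the `CommandPolicy` class and the `resolve_allowed_pending_node_actions` stand-in are assumptions that only borrow the advisory's names, and the sample policy is constructed.

```python
# Constructed model of OpenClaw's queued node actions (not OpenClaw code); names and policy are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class NodeAction:
    node_id: str
    command: str  # e.g. "camera.snap"; command names come from the advisory text


class CommandPolicy:
    """Per-node command allowlist; operators tighten it by revoking commands."""
    def __init__(self, allowed: Dict[str, Set[str]]) -> None:
        self.allowed = allowed

    def permits(self, action: NodeAction) -> bool:
        return action.command in self.allowed.get(action.node_id, set())

    def revoke(self, node_id: str, command: str) -> None:
        self.allowed.get(node_id, set()).discard(command)


def resolve_allowed_pending_node_actions(actions, policy):
    """Hypothetical stand-in for the fix's filter: keep only still-permitted actions."""
    return [a for a in actions if policy.permits(a)]


class ActionQueue:
    def __init__(self) -> None:
        self.pending: List[NodeAction] = []

    def enqueue(self, action: NodeAction, policy: CommandPolicy) -> bool:
        # Time-of-check: the policy is consulted once, when the action is queued.
        if not policy.permits(action):
            return False
        self.pending.append(action)
        return True

    def _drain(self, node_id: str) -> List[NodeAction]:
        mine = [a for a in self.pending if a.node_id == node_id]
        self.pending = [a for a in self.pending if a.node_id != node_id]
        return mine

    def deliver_vulnerable(self, node_id: str) -> List[NodeAction]:
        return self._drain(node_id)  # pre-fix: time-of-use trusts the stale check (CWE-367)

    def deliver_fixed(self, node_id: str, policy: CommandPolicy) -> List[NodeAction]:
        # Post-fix: revalidate against the policy as it stands at delivery time.
        return resolve_allowed_pending_node_actions(self._drain(node_id), policy)


def audit_stale_pending(queue: ActionQueue, policy: CommandPolicy) -> List[NodeAction]:
    """Detection check: queued actions that the current policy no longer allows."""
    return [a for a in queue.pending if not policy.permits(a)]
```

Running `audit_stale_pending` against a live queue after a policy change is the same comparison the Q&A describes; a non-empty result on a pre-2026.3.22 install is the stale-allowlist condition the advisory warns about.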