CVE-2026-35655
Identity Spoofing in OpenClaw ACP Permission Resolution Enables Bypass
Publication date: 2026-04-10
Last updated on: 2026-04-13
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | up to 2026.3.22 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-807 | The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not explicitly address how CVE-2026-35655 affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided in the available resources about direct detection methods or commands to identify exploitation of CVE-2026-35655 on a network or system.
However, since the vulnerability involves spoofing tool identities through rawInput parameters in OpenClaw versions prior to 2026.3.22, detection efforts could focus on monitoring or auditing the ACP permission resolution process for conflicting tool identity hints or unexpected rawInput values.
To detect if a vulnerable version is in use, you can check the installed OpenClaw version and verify if it is older than 2026.3.22, which contains the fix.
No explicit commands or scripts are provided in the resources for detection or exploitation attempts.
Can you explain this vulnerability to me?
CVE-2026-35655 is an identity spoofing vulnerability in OpenClaw versions before 2026.3.22 that affects the ACP (Access Control Policy) permission resolution process.
The vulnerability occurs because the system trusts conflicting tool identity hints coming from rawInput parameters and metadata. Attackers can exploit this by spoofing tool identities through rawInput inputs, which allows them to suppress prompts that warn users about dangerous tools.
This means that attackers can bypass security restrictions by making the system believe a dangerous tool is safe, leading to unauthorized or harmful actions.
The root causes include reliance on untrusted inputs in security decisions (CWE-807) and incorrect authorization checks (CWE-863). The issue was fixed by enforcing a fail-closed behavior when conflicting tool identity hints are detected, denying access rather than trusting spoofable inputs.
How can this vulnerability impact me?
This vulnerability can allow attackers to spoof tool identities and suppress security prompts designed to warn users about dangerous tools.
As a result, attackers may bypass security restrictions and execute unauthorized or harmful actions within the OpenClaw environment.
This could lead to increased risk of exploitation, unauthorized access, or execution of dangerous commands without user awareness.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-35655 vulnerability, you should upgrade OpenClaw to version 2026.3.22 or later, where the issue has been fixed.
The fix involves changes that enforce strict validation of tool identity hints in the ACP permission resolution process, causing the system to fail closed when conflicting tool identity hints are detected. This prevents attackers from spoofing tool identities via rawInput parameters and suppressing dangerous-tool prompts.
Ensure that your deployment uses the patched versions (2026.3.22, 2026.3.23, or 2026.3.23-2) and verify that the security improvements related to tool identity verification are in place.
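The pattern the answers above describe, shown as an added illustration that is not OpenClaw's code: a resolver that lets a rawInput identity hint override the trusted tool identity, next to the fail-closed variant that denies the request when the two hints conflict. The request shape, tool names and policy are constructed assumptions.

```typescript
// Added illustration (not OpenClaw's code): a permission resolver that trusts
// a tool-identity hint taken from rawInput, and the fail-closed form the
// advisory describes. Types, tool names and the policy are assumptions.

type ToolRequest = {
  metadata: { toolName: string };                       // identity set by the trusted host side
  rawInput: { toolName?: string; [k: string]: unknown }; // caller-controlled payload
};

type Decision = "allow" | "prompt" | "deny";

// Constructed policy: tools that must always prompt the user before running.
const DANGEROUS_TOOLS = new Set(["shell_exec", "file_write"]);

function decideFor(toolName: string): Decision {
  return DANGEROUS_TOOLS.has(toolName) ? "prompt" : "allow";
}

// Vulnerable pattern: the rawInput hint overrides the metadata identity, so a
// request whose metadata says "shell_exec" but whose rawInput claims
// "read_file" is resolved as the harmless tool and the prompt is suppressed.
function resolveVulnerable(req: ToolRequest): Decision {
  const effective = req.rawInput.toolName ?? req.metadata.toolName;
  return decideFor(effective);
}

// Fixed pattern: an untrusted hint that disagrees with the trusted identity is
// treated as a conflict and the request is denied outright (fail closed)
// instead of being resolved against either hint.
function resolveFixed(req: ToolRequest): Decision {
  const hint = req.rawInput.toolName;
  if (hint !== undefined && hint !== req.metadata.toolName) {
    return "deny";
  }
  return decideFor(req.metadata.toolName);
}

// Constructed request: trusted side says shell_exec, payload claims read_file.
const spoofedRequest: ToolRequest = {
  metadata: { toolName: "shell_exec" },
  rawInput: { toolName: "read_file", command: "ls" },
};
```

A detection rule built on the same idea logs or alerts whenever the metadata identity and the rawInput hint disagree, which is the condition the patched resolver now rejects.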