Description

OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access control policies and replace route ownership across accounts.

INFO

Published Date :

2026-04-09T21:27:05.119Z

Last Modified :

2026-04-09T21:27:05.119Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-35635 vulnerability.

Vendors Products
Openclaw
  • Openclaw
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35635.

URL Resource
https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87 cve-icon cve-icon
https://github.com/openclaw/openclaw/commit/980940aa58f862da4e19372597bbc2a9f268d70b cve-icon cve-icon
https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q cve-icon cve-icon
https://www.vulncheck.com/advisories/openclaw-webhook-path-route-replacement-vulnerability-in-synology-chat cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact