CVE-2026-34507
EUVD-2026-3333429.05.2026, 16:16
OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have blocked.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openclaw | openclaw | 𝑥 < 2026.4.29 |
𝑥
= Vulnerable software versions