CVE-2026-35630
EUVD-2026-3333529.05.2026, 16:16
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openclaw | openclaw | 𝑥 < 2026.5.18 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration