CVE-2026-35635 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Affected Products (NVD)

Vendor	Product	Version
openclaw	openclaw	𝑥 < 2026.3.22

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-706 - Use of Incorrectly-Resolved Name or Reference
The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87

https://github.com/openclaw/openclaw/commit/980940aa58f862da4e19372597bbc2a9f268d70b

https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q

https://www.vulncheck.com/advisories/openclaw-webhook-path-route-replacement-vulnerability-in-synology-chat