CVE-2026-35624

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87	Patch
https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66	Patch
https://github.com/openclaw/openclaw/security/advisories/GHSA-xhq5-45pm-2gjr	Vendor Advisory
https://www.vulncheck.com/advisories/openclaw-policy-confusion-via-room-name-collision-in-nextcloud-talk	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

17 Apr 2026, 12:18

Type	Values Removed	Values Added
References	~~() https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87 -~~	() https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87 - Patch
References	~~() https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66 -~~	() https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66 - Patch
References	~~() https://github.com/openclaw/openclaw/security/advisories/GHSA-xhq5-45pm-2gjr -~~	() https://github.com/openclaw/openclaw/security/advisories/GHSA-xhq5-45pm-2gjr - Vendor Advisory
References	~~() https://www.vulncheck.com/advisories/openclaw-policy-confusion-via-room-name-collision-in-nextcloud-talk -~~	() https://www.vulncheck.com/advisories/openclaw-policy-confusion-via-room-name-collision-in-nextcloud-talk - Third Party Advisory
First Time		Openclaw openclaw Openclaw
CPE		cpe:2.3:a:openclaw:openclaw::::::node.js::*

09 Apr 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-09 22:16

Updated : 2026-04-17 12:18

NVD link : CVE-2026-35624

Mitre link : CVE-2026-35624

CVE.ORG link : CVE-2026-35624

JSON object : View

Products Affected

openclaw

openclaw

CWE

CWE-807

Reliance on Untrusted Inputs in a Security Decision

4.2 /10