CVE-2026-35634 | OpenClaw up to 2026.3.22 authorizeCanvasRequest authentication bypass (GHSA-6mqc-jqh6-x8fc)

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability, which was classified as critical, was found in OpenClaw up to 2026.3.22. The impacted element is the function authorizeCanvasRequest. Such manipulation leads to authentication bypass using alternate channel.

This vulnerability is uniquely identified as CVE-2026-35634. Local access is required to approach this attack. No exploit exists.

You should upgrade the affected component.

CVE-2026-35634 | OpenClaw up to 2026.3.22 authorizeCanvasRequest authentication bypass (GHSA-6mqc-jqh6-x8fc)

Post correlati

CVE-2024-2321 | WSO2 API Manager/Identity Server Refresh Token authorization

CVE-2026-3180 | Contest Gallery Plugin up to 28.1.4/28.1.5 on WordPress cgLostPasswordEmail/cgl_mail sql injection

CVE-2024-2946 | devitemsllc ShopLentor Plugin up to 2.8.4 on WordPress QR Code Widget cross site scripting

CVE-2023-50730 | graphql/grackle GraphQL Query stack-based overflow