CVE-2026-35659 MEDIUM

CVE-2026-35659: OpenClaw < 2026.3.22 - Unresolved Service Metadata Routing via Bonjour and DNS-SD Discovery

Vendor Openclaw
Product OpenClaw
Weakness CWE-345
Published April 10, 2026
Last update April 10, 2026

CVSS base score

5.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Passive
Confidentiality Low
Integrity Low

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious discovery metadata.
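The class of flaw described above, shown as an added example that is not OpenClaw source code: a router that falls back to TXT hints when resolution fails, beside one that treats only a resolved endpoint as routable. The record shape, the `host`/`port` TXT keys, the function names and the sample addresses are assumptions made for illustration.

```javascript
// Added illustration; not OpenClaw source. Record shape and TXT keys are hypothetical.
// `resolved` is the endpoint from a completed SRV/address lookup, or null when
// resolution failed. `txt` is unauthenticated TXT metadata from the advertisement.
const beacons = [ // constructed sample data (documentation address ranges)
  { name: "gateway-a", resolved: { host: "192.0.2.10", port: 8443 },
    txt: { host: "192.0.2.10", port: "8443" } },
  { name: "gateway-b", resolved: null, // resolution failed, only hints remain
    txt: { host: "198.51.100.66", port: "9000" } },
  { name: "gateway-c", resolved: { host: "192.0.2.30", port: 8443 },
    txt: { host: "198.51.100.77", port: "9000" } }, // TXT disagrees with resolution
];

// Flawed pattern: when resolution produced nothing, route on the TXT hints anyway.
function pickTargetFromHints(beacon) {
  if (beacon.resolved) return { ...beacon.resolved, source: "resolved" };
  const port = Number(beacon.txt.port);
  if (beacon.txt.host && Number.isInteger(port)) {
    return { host: beacon.txt.host, port, source: "txt-hint" };
  }
  return null;
}

// Hardened pattern: only a resolved endpoint is routable. TXT never supplies the
// target; a disagreement is surfaced as a flag so it can be logged or reviewed.
function pickTargetResolvedOnly(beacon) {
  if (!beacon.resolved) return null;
  const { host, port } = beacon.resolved;
  if (typeof host !== "string" || !Number.isInteger(port) || port < 1 || port > 65535) return null;
  const txt = beacon.txt || {};
  const txtMismatch = (txt.host !== undefined && txt.host !== host) ||
                      (txt.port !== undefined && Number(txt.port) !== port);
  return { host, port, source: "resolved", txtMismatch };
}

// Render each beacon's routing decision as "name=host:port" or "name=unroutable".
function summarize(picker) {
  return beacons.map((b) => {
    const t = picker(b);
    return t ? `${b.name}=${t.host}:${t.port}` : `${b.name}=unroutable`;
  });
}

console.log(summarize(pickTargetFromHints));
console.log(summarize(pickTargetResolvedOnly));
```
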

Key dates

02 Disclosure timeline

April 10, 2026 CVE published
April 10, 2026 Record updated
