CVE-2026-35670 MEDIUM

CVE-2026-35670: OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat

Vendor Openclaw
Product OpenClaw
Weakness CWE-807 (Reliance on Untrusted Inputs in a Security Decision)
Published April 10, 2026
Last update May 25, 2026

CVSS base score

6.0/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability in its Synology Chat integration. When a webhook-triggered reply is delivered, the recipient is resolved by matching the mutable username instead of the stable numeric user identifier recorded in the webhook event. Because usernames can change between the time the event is recorded and the time the reply is sent, an attacker who can influence username changes can cause a reply intended for one user to be delivered to a different account, bypassing the recipient binding recorded in the webhook event. Upgrading to 2026.3.22 or later addresses the issue.
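The following is an added illustration of the binding mistake described above, not OpenClaw's own code and not Synology Chat's API. It models a small in-memory user directory, a webhook event that carries both the sender's numeric id and username, and two resolvers: one that re-resolves the reply target by username at delivery time (the vulnerable pattern) and one that binds to the numeric id recorded in the event (the hardened pattern). The directory shape, the user ids, the names and the assumption that an account can rename itself are all constructed for the example.

```typescript
// Added example (not OpenClaw's code): reply-target binding by mutable
// username versus stable numeric id. All types, ids and names below are
// constructed for illustration.

interface ChatUser {
  userId: number;   // stable numeric identifier assigned by the chat server
  username: string; // mutable handle; assumed to be changeable by the user
}

interface WebhookEvent {
  userId: number;   // numeric id of the sender as carried by the webhook event
  username: string; // sender's username at the moment the event was recorded
  text: string;
}

// Constructed in-memory directory standing in for the chat server's user list.
class UserDirectory {
  private users = new Map<number, ChatUser>();

  add(user: ChatUser): void {
    this.users.set(user.userId, { ...user });
  }

  // Assumption for the example: a user can change their own username.
  rename(userId: number, newName: string): void {
    const u = this.users.get(userId);
    if (!u) throw new Error(`unknown user ${userId}`);
    u.username = newName;
  }

  byId(userId: number): ChatUser | undefined {
    return this.users.get(userId);
  }

  // Username lookup returns whoever holds the handle *right now*.
  byUsername(name: string): ChatUser | undefined {
    return Array.from(this.users.values()).find((u) => u.username === name);
  }
}

// Vulnerable pattern: the pending reply keeps only the username and resolves
// it again when the reply is delivered.
function resolveReplyTargetByUsername(dir: UserDirectory, ev: WebhookEvent): number | undefined {
  return dir.byUsername(ev.username)?.userId;
}

// Hardened pattern: the pending reply is bound to the numeric id recorded in
// the webhook event; the username is kept only for display.
function resolveReplyTargetById(dir: UserDirectory, ev: WebhookEvent): number | undefined {
  return dir.byId(ev.userId)?.userId;
}

// Scenario: the legitimate sender triggers a reply, then usernames change
// before the reply is delivered.
function runRebindingScenario(): { vulnerable: number | undefined; hardened: number | undefined } {
  const dir = new UserDirectory();
  dir.add({ userId: 1001, username: "alice" });   // legitimate sender
  dir.add({ userId: 2002, username: "mallory" }); // attacker-controlled account

  // Event as recorded when the webhook fired.
  const ev: WebhookEvent = { userId: 1001, username: "alice", text: "hello" };

  // Between receipt and delivery the handle "alice" changes hands.
  dir.rename(1001, "alice-new");
  dir.rename(2002, "alice");

  return {
    vulnerable: resolveReplyTargetByUsername(dir, ev), // resolves to 2002: rebound to the attacker
    hardened: resolveReplyTargetById(dir, ev),         // resolves to 1001: the original sender
  };
}

const scenarioResult = runRebindingScenario();
console.log(scenarioResult);
```

The hardened resolver should be paired with a check at event-recording time that the numeric id is present and comes from the chat server rather than from a caller-supplied field; a username recorded alongside it is useful for logging, but must not be used to pick the recipient.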

Key dates

02 Disclosure timeline

April 10, 2026 CVE published
May 25, 2026 Record updated