Security Advisory

CVE-2026-35635

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-09 21:27:05

Last updated 2026-05-25 23:42:09

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access control policies and replace route ownership across accounts.

← Browse all CVEs View on cve.org ↗