Security Advisory

CVE-2026-35667

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-10 16:03:26

Last updated 2026-04-10 20:17:55

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command, causing data corruption, resource leaks, and skipped security-sensitive cleanup operations.

← Browse all CVEs View on cve.org ↗