CVE-2026-35659

Publication date

2026-04-10 16:03:20

Family

VulnCheck

State

PUBLISHED

Description

OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious discovery metadata.