CVE-2026-35659

MEDIUM 4.6

OpenClaw < 2026.3.22 - Unresolved Service Metadata Routing via Bonjour and DNS-SD Discovery

CVSS Score

4.6

EPSS Score

0.0%

EPSS Percentile

0th

OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious discovery metadata.

CWE	CWE-345
Vendor	openclaw
Product	openclaw
Published	Apr 10, 2026
Last Updated	Apr 10, 2026

Stay Ahead of the Next One

Get instant alerts for openclaw openclaw

Be the first to know when new medium vulnerabilities affecting openclaw openclaw are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

OpenClaw / OpenClaw

0 < 2026.3.22

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/openclaw/openclaw/security/advisories/GHSA-rvqr-hrcc-j9vv github.com: https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87 github.com: https://github.com/openclaw/openclaw/commit/deecf68b59a9b7eea978e40fd3c2fe543087b569 vulncheck.com: https://www.vulncheck.com/advisories/openclaw-unresolved-service-metadata-routing-via-bonjour-and-dns-sd-discovery

Credits

🔍 Nathan (@nexrin) KeenSecurityLab