2 matches found
CVE-2026-35634
OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket request...
@agentholdings/agent-passport (=0.1.0), @themw123/opencode-copilot-account-switcher (>=0.14.39 <=0.14.42) +5 more potentially affected by CVE-2026-35634 via openclaw (>=2026.3.22 <=2026.3.23-1)
openclaw NPM version =2026.3.22, =0.14.39, =0.1.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 Source cves: CVE-2026-35634 Source advisory: SNYK:JS-OPENCLAW-15789461...