CVE-2026-35617

| EUVD-2026-21101 LOW
2026-04-09 VulnCheck
2.3
CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Apr 09, 2026 - 21:45 vuln.today
EUVD ID Assigned
Apr 09, 2026 - 21:45 euvd
EUVD-2026-21101
Patch Released
Apr 09, 2026 - 21:45 nvd
Patch available
CVE Published
Apr 09, 2026 - 21:26 nvd
LOW 2.3

Tags

Google Authentication Bypass Openclaw

Description

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources.

Analysis

OpenClaw before version 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement where attackers with authenticated access can manipulate space display names to rebind group policies and gain unauthorized access to protected resources. The vulnerability requires authenticated access and high attack complexity but affects confidentiality and integrity of protected data. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

12
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +12
POC: 0

Share

CVE-2026-35617 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy