Vulnerability DatabaseCVE-2026-35670

CVE-2026-35670:
OpenClaw (formerly Moltbot or Clawdbot) vulnerability analysis and mitigation

OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered replies to different users, bypassing the intended recipient binding recorded in webhook events.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

6

Score

Published April 10, 2026

Severity MEDIUM

CNA Score 6.0

Affected Technologies

OpenClaw (formerly Moltbot or Clawdbot)

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 22.5

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

openclaw

Sources

NVD
GitHub Advisory Database
- npm Severity MEDIUMHas FixAdded at: Apr 12, 2026
Homebrew
- Homebrew Severity HIGHHas FixAdded at: Apr 14, 2026
Minimus
- MinimOS Severity HIGHHas FixAdded at: Apr 12, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related OpenClaw (formerly Moltbot or Clawdbot) vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-35669	HIGH	8.7	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 10, 2026
CVE-2026-28291	HIGH	8.1	JavaScript	grafana-prometheus	No	Yes	Apr 13, 2026
CVE-2026-35668	HIGH	7.1	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 10, 2026
CVE-2026-35667	MEDIUM	6.9	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 10, 2026
CVE-2026-35670	MEDIUM	6	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 10, 2026