How CVE-2026-35630 Works
OpenClaw’s QQBot channel provides native approval buttons that let authorized approvers approve pending `exec` and plugin installation requests. In versions prior to 2026.5.18, the callback path that handles these button interactions fails to enforce the configured QQBot approver identity.
The text‑command approval path includes an authorization check, but the native button callback was implemented without the same validation logic. When a user clicks an approval button, the handler should verify that the clicking user is listed as an authorized approver before resolving the pending request. Because that identity check is missing (CWE‑862, Missing Authorization), the button callback resolves the approval without checking who clicked it.
As a result, any QQ user who can view the approval message, whether or not they are a configured approver, can click the button and have the pending request approved. The only precondition is visibility of the approval message; no additional privileges are required. Depending on the pending request, this can authorize an `exec` command (potentially running arbitrary system commands) or install a plugin, both of which should have required an authorized approver. The flaw is confined to the QQBot native approval button handler; the text‑command approval path keeps its authorization check. The exposure is especially concerning because approval messages land in chat conversations whose members may have very different trust levels.
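The following is an added example, not OpenClaw’s own code, modelling the two approval entry points described above: a text-command path that checks the sender against the approver list, a button callback that resolves the request without any identity check (the pre‑2026.5.18 behaviour), and a hardened callback that applies the same check the text path already had. The types and function names (`PendingRequest`, `resolveByTextCommand`, `resolveByButtonVulnerable`, `resolveByButtonFixed`, the `qq:` user ids) are assumptions for illustration, not OpenClaw’s API.

```typescript
// Added example (not OpenClaw's own code): a minimal model of the two approval
// entry points the advisory describes. Types and function names here are
// assumptions for illustration, not OpenClaw's API.

type RequestKind = "exec" | "plugin-install";
type Outcome = "pending" | "approved" | "denied";

interface PendingRequest {
  id: string;
  kind: RequestKind;
  detail: string;            // the command line or plugin name awaiting approval
  status: Outcome;
  resolvedBy?: string;       // QQ user id of whoever resolved it
}

interface ApprovalState {
  approvers: string[];       // configured QQBot approver identities
  pending: Record<string, PendingRequest>;
}

function makeState(approvers: string[]): ApprovalState {
  return { approvers: approvers.slice(), pending: {} };
}

function enqueue(state: ApprovalState, id: string, kind: RequestKind, detail: string): PendingRequest {
  const req: PendingRequest = { id, kind, detail, status: "pending" };
  state.pending[id] = req;
  return req;
}

function isApprover(state: ApprovalState, userId: string): boolean {
  return state.approvers.indexOf(userId) !== -1;
}

// Shared resolution step. It trusts its caller to have authorized userId already,
// which is exactly why every entry point must perform the check itself.
function resolve(state: ApprovalState, id: string, userId: string, approve: boolean): PendingRequest {
  const req = state.pending[id];
  if (!req || req.status !== "pending") {
    throw new Error("no pending request with id " + id);
  }
  req.status = approve ? "approved" : "denied";
  req.resolvedBy = userId;
  return req;
}

// Text-command path ("/approve <id>" or "/deny <id>"): checks the sender first.
function resolveByTextCommand(state: ApprovalState, userId: string, text: string): PendingRequest | "unauthorized" {
  const m = /^\/(approve|deny)\s+(\S+)$/.exec(text.trim());
  if (!m) {
    throw new Error("unrecognised approval command: " + text);
  }
  if (!isApprover(state, userId)) {
    return "unauthorized";
  }
  return resolve(state, m[2], userId, m[1] === "approve");
}

// Native button callback as it behaved before 2026.5.18 (CWE-862): the clicker's
// identity is recorded but never compared against the approver list, so anyone
// who can see the button resolves the request.
function resolveByButtonVulnerable(state: ApprovalState, userId: string, id: string, approve: boolean): PendingRequest {
  return resolve(state, id, userId, approve);
}

// Hardened button callback: the same approver check the text path already had.
function resolveByButtonFixed(state: ApprovalState, userId: string, id: string, approve: boolean): PendingRequest | "unauthorized" {
  if (!isApprover(state, userId)) {
    return "unauthorized";
  }
  return resolve(state, id, userId, approve);
}

// Constructed scenario: one configured approver and a bystander who can see the
// approval message but is not an approver.
function runScenario() {
  const state = makeState(["qq:approver-1"]);
  enqueue(state, "r1", "exec", "cat /etc/shadow");
  enqueue(state, "r2", "exec", "cat /etc/shadow");
  enqueue(state, "r3", "plugin-install", "shell-tools");
  const bystander = "qq:bystander-9";

  const textAttempt = resolveByTextCommand(state, bystander, "/approve r1");   // "unauthorized"; r1 stays pending
  const buttonVuln = resolveByButtonVulnerable(state, bystander, "r2", true);  // r2 approved, resolvedBy = bystander
  const buttonFixed = resolveByButtonFixed(state, bystander, "r3", true);      // "unauthorized"; r3 stays pending
  const legit = resolveByButtonFixed(state, "qq:approver-1", "r3", true);      // r3 approved by the real approver
  return { state, textAttempt, buttonVuln, buttonFixed, legit };
}
```

The point of the model is that the authorization decision lives at each entry point rather than in the shared `resolve` step; a second entry point added later (here, the button callback) silently inherits no check at all. Moving the approver check into `resolve` itself, so that every current and future entry point goes through it, is the structural fix a reviewer would ask for after the upgrade.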
DailyCVE Form:
Platform: ……. OpenClaw
Version: …….. < 2026.5.18
Vulnerability :…… Authorization Bypass
Severity: ……. Critical
Date: ………. 2026-05-29
Prediction: …… 2026-05-18
What Undercode Say:
# Check current OpenClaw version
openclaw --version
# Verify QQBot approval button handler logic (pre-patch)
grep -r "approval.callback" /path/to/openclaw/qqbot/
# Audit authorization checks in button callback
grep -A 10 "def.approval_button" /path/to/openclaw/qqbot/handlers.py
Analytics:
- CVE ID: CVE-2026-35630
- Published: 2026-05-29
- CVSS Severity: Critical (per VulDB classification; no numeric base score given)
- CWE: CWE‑862 (Missing Authorization)
- ATT&CK: T1078.004 (Valid Accounts: Cloud Accounts)
- Affected Component: QQBot Native Approval Buttons
- Fixed Version: 2026.5.18
Exploit:
A non‑approver who can view an approval message in a QQ conversation clicks the native approval button. The callback path processes the click and resolves the pending `exec` or plugin approval request without comparing the clicker’s identity against the configured approver list. No special tools are required, only access to the QQ conversation containing the approval message; any authenticated QQ user who can see the approval interface can perform the attack.
Protection:
- Immediate: Upgrade to OpenClaw version 2026.5.18 or later.
- Workaround: Until upgraded, avoid delivering native approval buttons into QQ conversations that include users who are not configured as approvers (for example, route approvals to a channel containing only approvers, or rely on the text‑command approval path, which enforces the check).
- Post‑upgrade: Audit approval workflows and access controls; ensure all approval actions are logged and monitored for unauthorized access attempts.
- Verification: Confirm that the button callback now enforces `approverIdentity` checks before resolving any pending request.
Impact:
A non‑approver who can see an approval message can click the approval button and resolve the pending request. Depending on the pending approval, this could allow:
– Unauthorized execution of system commands via `exec` approvals.
– Unauthorized installation or activation of plugins.
– Privilege escalation and potential lateral movement within the network.
– System compromise, data exfiltration, or unauthorized modifications to system configurations.
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

