CVE-2026-35659: OpenClaw: Bonjour/DNS-SD TXT metadata steers CLI routing after failed service resolution

March 26, 2026 (updated April 10, 2026)

Bonjour and DNS-SD TXT metadata could still steer CLI routing even when actual service resolution failed, allowing unresolved hints to influence the chosen target.

References

github.com/advisories/GHSA-rvqr-hrcc-j9vv
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/deecf68b59a9b7eea978e40fd3c2fe543087b569
github.com/openclaw/openclaw/security/advisories/GHSA-rvqr-hrcc-j9vv
nvd.nist.gov/vuln/detail/CVE-2026-35659

Code Behaviors & Features

Detect and mitigate CVE-2026-35659 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →