CVE-2026-35664: OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing

March 29, 2026 (updated April 10, 2026)

Feishu Raw card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing

References

github.com/advisories/GHSA-77w2-crqv-cmv3
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/81c45976db532324b5a0918a70decc19520dc354
github.com/openclaw/openclaw/security/advisories/GHSA-77w2-crqv-cmv3
nvd.nist.gov/vuln/detail/CVE-2026-35664

Code Behaviors & Features

Detect and mitigate CVE-2026-35664 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →