CVE-2026-35630 — OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval butt — CVE Database · The Intelligence Room