CVE-2026-35662 — OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can explo — CVE Database · The Intelligence Room