Impact
The vulnerability in OpenClaw allows an attacker to use a WebSocket shared‑token or password‑authenticated connection to declare elevated authorization scopes that are not bound by the server. The attacker can therefore request scopes such as operator.admin and perform privileged gateway operations normally restricted to administrators. This flaw results in a loss of integrity and a severe compromise of the system’s control plane because an unauthorized user can effectively elevate their privileges within the OpenClaw environment.
Affected Systems
All installations of the OpenClaw software with a version older than 2026.3.12 are affected. This typically includes web-application and API services that rely on the WebSocket connection path for authentication. The flaw is present in the OpenClaw product itself and may involve Node.js components in the same code base. Users running any 2026.3.11 or earlier release should consider their installations at risk.
Risk and Exploitability
The flaw is rated as CVSS 9.4, indicating a very high severity. The EPSS score is below 1%, suggesting a low estimated exploitation probability, and the vulnerability is not yet listed in the CISA KEV catalog. The likely attack vector is a remote WebSocket connection that an attacker can forge or interpose on an unsuspecting client. Once the connection is established, the attacker can cause the server to grant administrative scopes without proper validation. Given the high impact and the remote nature of the exploit, organizations should treat this as a critical risk pending mitigation.
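The following is an added illustration of the authorization pattern the Impact and Risk sections describe, not OpenClaw's own code: a WebSocket handshake handler that authenticates a shared token correctly but then takes the session's scopes from the client's request (the vulnerable shape), beside a hardened handler that derives scopes from the server-side record of the credential and rejects any requested scope the token is not bound to. The token store, message shape, scope names other than operator.admin, and function names are assumptions made for this example.

```javascript
// Added example (not OpenClaw's code). Token store, handshake shape and
// function names are assumptions; only the scope name operator.admin comes
// from the advisory text.

// Constructed server-side credential store: each shared token maps to the
// scopes the server has actually issued for it (none are administrative).
const TOKEN_STORE = new Map([
  ["tok-viewer-7f3a", { subject: "dashboard", scopes: ["gateway.read"] }],
  ["tok-ops-91c2", { subject: "ops-bot", scopes: ["gateway.read", "gateway.write"] }],
]);

// Scopes the gateway knows about at all.
const ALL_SCOPES = ["gateway.read", "gateway.write", "operator.admin"];

function lookupToken(token) {
  return TOKEN_STORE.get(token) || null;
}

// VULNERABLE shape: the token is checked, but the scopes attached to the
// session are whatever the client declared in the handshake. A holder of a
// read-only token can therefore declare operator.admin and be believed.
function connectVulnerable(handshake) {
  const record = lookupToken(handshake.token);
  if (!record) return { ok: false, reason: "bad token" };
  const requested = Array.isArray(handshake.scopes) ? handshake.scopes : [];
  return { ok: true, subject: record.subject, scopes: requested };
}

// HARDENED shape: session scopes come from the credential's server-side
// record. The client may narrow to a subset, but any requested scope that is
// unknown or not bound to the token fails the connection and is logged.
function connectHardened(handshake, log = () => {}) {
  const record = lookupToken(handshake.token);
  if (!record) return { ok: false, reason: "bad token" };
  const bound = new Set(record.scopes);
  const requested = Array.isArray(handshake.scopes) ? handshake.scopes : [];
  const unknown = requested.filter((s) => !ALL_SCOPES.includes(s));
  const escalated = requested.filter((s) => ALL_SCOPES.includes(s) && !bound.has(s));
  if (unknown.length || escalated.length) {
    log(`scope escalation attempt by ${record.subject}: ${[...unknown, ...escalated].join(",")}`);
    return { ok: false, reason: "requested scope not bound to credential" };
  }
  // Empty request means "everything this credential is bound to".
  const granted = requested.length ? requested : record.scopes;
  return { ok: true, subject: record.subject, scopes: granted };
}

// Per-operation authorization: privileged gateway operations check the
// session's server-derived scopes, never the client's claims.
function authorize(session, requiredScope) {
  return session.ok && session.scopes.includes(requiredScope);
}

// Constructed handshake: a read-only token holder declaring the admin scope.
function demo() {
  const handshake = { token: "tok-viewer-7f3a", scopes: ["operator.admin"] };
  const events = [];
  const vuln = connectVulnerable(handshake);
  const fixed = connectHardened(handshake, (m) => events.push(m));
  return {
    vulnerableGrantsAdmin: authorize(vuln, "operator.admin"),
    hardenedGrantsAdmin: authorize(fixed, "operator.admin"),
    logEvents: events,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The logged rejection in the hardened handler is the detection hook: a credential requesting a scope it was never issued is a high-signal event for a gateway's control plane, and a patched deployment should produce it rather than a silently elevated session.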
OpenCVE Enrichment
GitHub GHSA