Description
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present a self-signed unpaired device identity to request and obtain higher operator scopes before pairing approval is granted.
Published: 2026-03-21
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch Immediately
AI Analysis

Impact

OpenClaw versions 2026.2.22 through 2026.2.24 allow an attacker to elevate privileges by using an unpaired device identity. The flaw lets a device that has not completed the official pairing process request and receive elevated operator scopes, including operator.admin, before the operator pairing approval is granted. This can give an attacker full control over the OpenClaw system.

Affected Systems

The vulnerability affects OpenClaw software from the vendor OpenClaw. All installations running a version earlier than 2026.2.25 are susceptible, including the 2026.2.22, 2026.2.23, and 2026.2.24 releases.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity. An attacker must possess valid shared gateway authentication credentials to exploit the flaw; the attack is therefore likely limited to users who can obtain or guess these credentials. EPSS data is not available, and the vulnerability is not currently listed in the CISA KEV catalog. Still, the ability to grant admin rights without proper pairing approval makes this a serious risk for any environment using the affected OpenClaw versions.

Generated by OpenCVE AI on March 21, 2026 at 06:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply vendor patch to version 2026.2.25 or later



Advisories

No advisories yet.

History

Tue, 24 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 21 Mar 2026 05:30:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present a self-signed unpaired device identity to request and obtain higher operator scopes before pairing approval is granted.
Title | | OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-863
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T15:23:43.265Z

Reserved: 2026-03-10T19:48:44.964Z

Link: CVE-2026-32042

Vulnrichment

Updated: 2026-03-24T15:23:18.202Z

NVD

Status : Analyzed

Published: 2026-03-21T01:17:06.547

Modified: 2026-03-23T17:10:21.597

Link: CVE-2026-32042

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:33:31Z

Weaknesses