Description
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system.
Published: 2026-04-28
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability that allows a previously paired node to reconnect and issue exec-capable commands without requiring the operator.admin scope. Attackers can bypass the re-pairing authentication to execute privileged commands on the local assistant system. This flaw, identified as CWE-863, enables an attacker who controls a previously paired node to elevate privileges on the local assistant system, potentially allowing arbitrary command execution, data modification, or service disruption.

Affected Systems

All installations of OpenClaw running a version earlier than 2026.4.8 are affected. The vulnerability applies to the OpenClaw application that runs on the Node.js platform and uses its pairing feature to accept new connections from previously paired nodes.

Risk and Exploitability

The CVSS score of 7.3 classifies this issue as high severity. The EPSS score is reported as less than 1% (0.00023), indicating a low but non-zero exploitation probability, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector requires the attacker to own or compromise a node that has already been paired with the target system; once that node is able to initiate a reconnection, the attacker can execute privileged commands without additional authentication.

Generated by OpenCVE AI on May 26, 2026 at 15:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw 2026.4.8 or newer to apply the vendor fix
  • Enforce that only users with the operator.admin scope can reconnect nodes, modifying the pairing logic to validate scope before executing commands
  • Disable or restrict pairing of untrusted or remotely controlled nodes, limiting reconnection to trusted devices only
  • Review local assistant systems for evidence of unauthorized command execution and remove any compromised nodes

Advisories
Source: GitHub GHSA
ID: GHSA-5wj5-87vq-39xm
Title: OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement
History

Tue, 26 May 2026 13:45:00 +0000

Type: Description
Values removed: OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system.
Values added: OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system.

Wed, 29 Apr 2026 19:15:00 +0000

Type: Metrics
Values added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 19:15:00 +0000

Type: Description
Values added: OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system.

Type: Title
Values added: OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass

Type: First Time appeared
Values added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values added: CWE-863

Type: CPEs
Values added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values added: Openclaw; Openclaw openclaw

Type: References
Values added: (none)

Type: Metrics
Values added: cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T11:52:18.328Z

Reserved: 2026-04-27T11:40:07.151Z

Link: CVE-2026-42432

Vulnrichment

Updated: 2026-04-29T18:19:56.214Z

NVD

Status: Modified

Published: 2026-04-28T19:37:47.190

Modified: 2026-06-17T10:47:49.907

Link: CVE-2026-42432

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T16:00:11Z

Weaknesses