CVE-2026-35625

HIGH 7.8

OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

9th

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.

CWE	CWE-648
Vendor	openclaw
Product	openclaw
Published	Apr 9, 2026
Last Updated	Apr 14, 2026

Stay Ahead of the Next One

Get instant alerts for openclaw openclaw

Be the first to know when new high vulnerabilities affecting openclaw openclaw are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

OpenClaw / OpenClaw

0 < 2026.3.25

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8 github.com: https://github.com/openclaw/openclaw/commit/81ebc7e0344fd19c85778e883bad45e2da972229 vulncheck.com: https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-silent-local-shared-auth-reconnect

Credits

🔍 Peng Zhou (@zpbrent)