← volver
CVE-2026-35625

OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

CVSS 8.5 HIGHEPSS 0.2%CWE-648
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
OpenClaw · OpenClaw

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/openclaw/openclaw/commit/81ebc7e0344fd19c85778e883bad45e2da972229https://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-silent-local-shared-auth-reconnect