← voltar
CVE-2026-35625

OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

CVSS 8.5 HIGHEPSS 0.2%CWE-648
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
OpenClaw · OpenClaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/openclaw/openclaw/commit/81ebc7e0344fd19c85778e883bad45e2da972229https://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-silent-local-shared-auth-reconnect