CVE-2026-32042
Received Received - Intake
Privilege Escalation in OpenClaw via Unpaired Device Identity Bypass

Publication date: 2026-03-21

Last updated on: 2026-03-23

Assigner: VulnCheck

Description
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present a self-signed unpaired device identity to request and obtain higher operator scopes before pairing approval is granted.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-03-23
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32042
EUVD
EUVD-2026-13933
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw From 2026.2.22 (inc) to 2026.2.25 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32042 is a privilege escalation vulnerability in OpenClaw versions prior to 2026.2.25. It allows attackers who have valid shared gateway authentication to bypass the normal operator pairing requirements by presenting a self-signed, unpaired device identity. This enables them to self-assign elevated operator privileges, including the operator.admin scope, without waiting for pairing approval.

The root cause is an incorrect authorization check where the system fails to enforce mandatory pairing for operator device-identity sessions authenticated via shared tokens. This flaw lets unpaired devices gain higher operator scopes improperly.

Impact Analysis

This vulnerability can lead to unauthorized privilege escalation, allowing attackers to gain elevated operator access on the OpenClaw gateway. Specifically, attackers can bypass pairing controls and assign themselves high-level operator scopes such as operator.admin.

Such unauthorized access can compromise the confidentiality, integrity, and availability of the system, potentially allowing attackers to perform administrative actions, manipulate data, or disrupt services.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves unpaired device identities bypassing operator pairing requirements by using shared gateway authentication to self-assign elevated operator scopes. Detection would involve monitoring for connection attempts from unpaired devices presenting self-signed device identities requesting operator scopes such as operator.admin.

Since the vulnerability is related to authentication and pairing logic in OpenClaw versions prior to 2026.2.25, detection can focus on identifying unpaired device identity connection attempts that request elevated operator scopes without proper pairing.

Specific commands are not provided in the available resources. However, network or system administrators could monitor OpenClaw gateway logs for pairing requests and connection attempts that are rejected due to missing pairing or that show unpaired devices requesting operator scopes.

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.2.25 or later, where the vulnerability has been fixed by enforcing mandatory device pairing for operator device-identity sessions authenticated via shared token authentication.

This fix removes the previous logic that allowed unpaired operator devices to bypass pairing when using shared token authentication, ensuring that all operator devices must be paired before gaining operator scopes.

Until the upgrade can be applied, administrators should monitor for unpaired device connection attempts requesting elevated operator scopes and consider restricting shared gateway authentication tokens to trusted devices only.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32042. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart