CVE-2026-35625
Privilege Escalation in OpenClaw Enables Remote Code Execution
Publication date: 2026-04-09
Last updated on: 2026-04-16
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | before 2026.3.25 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-648 | The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenClaw versions before 2026.3.25 and involves a privilege escalation issue. Specifically, the software silently auto-approves local shared-auth reconnect requests that attempt to upgrade permissions from operator.read to operator.admin. This means that an attacker who can trigger a local reconnection can escalate their privileges without detection.
By exploiting this flaw, an attacker can gain higher-level permissions on the paired device, which can lead to remote code execution on the affected node.
How can this vulnerability impact me?
The impact of this vulnerability is significant because it allows an attacker with local access to escalate their privileges silently from a lower permission level (operator.read) to a higher one (operator.admin).
This privilege escalation can lead to remote code execution on the node, potentially allowing the attacker to take full control of the device, manipulate data, disrupt operations, or use the device as a foothold for further attacks.