CVE-2026-35639
Privilege Escalation in OpenClaw device.pair.approve Enables RCE
Publication date: 2026-04-09
Last updated on: 2026-04-15
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | all versions before 2026.3.22 (2026.3.22 itself is fixed) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-648 | The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects OpenClaw versions before 2026.3.22 and lies in the device.pair.approve method. An operator who holds only pairing-approval rights can approve a device pairing request that grants broader scopes than the approver itself holds, because the method does not verify that the scopes being granted are a subset of the approver's own scope (CWE-648: a privileged effect is reachable through a call that does not carry the privilege it requires). An attacker who controls such an operator, or can get one to approve a crafted request, can pair a device with operator.admin scope and from there reach remote code execution on the Node infrastructure.
How can this vulnerability impact me?
The direct impact is privilege escalation: an account that should only be able to approve pairings ends up with operator.admin rights it was never granted. Because that role permits remote code execution on the Node infrastructure, the escalation can lead to full compromise of the system, letting an attacker control or disrupt operations. Upgrading to 2026.3.22 or later removes the flaw.
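The check that is missing in the vulnerable versions is a scope-subset test at approval time. The following is an added example, not OpenClaw's own code: a minimal model of a pairing-approval handler in its vulnerable shape beside a hardened one. The only scope name taken from the advisory is operator.admin; the approval scope name "operator.pairing", the "operator.read" scope, the device and operator identifiers, and the function names are all hypothetical.

```typescript
// Added example, not OpenClaw's own code. Scope names other than
// "operator.admin" are hypothetical, as are the identifiers below.
type Scope = string;

interface Operator {
  id: string;
  scopes: Set<Scope>; // scopes this operator actually holds
}

interface PairRequest {
  deviceId: string;
  requestedScopes: Scope[]; // scopes the device asks to be granted on pairing
}

interface PairResult {
  ok: boolean;
  grantedScopes: Scope[];
  reason?: string;
}

// Hypothetical scope that permits approving pairing requests at all.
const PAIRING_APPROVE_SCOPE: Scope = "operator.pairing";

// Vulnerable shape (CWE-648): the handler checks that the caller may
// approve pairings, then grants whatever the request asked for without
// comparing it against the approver's own scopes. A pairing-only
// operator can therefore mint an operator.admin device.
function approveVulnerable(approver: Operator, req: PairRequest): PairResult {
  if (!approver.scopes.has(PAIRING_APPROVE_SCOPE)) {
    return { ok: false, grantedScopes: [], reason: "approver lacks pairing scope" };
  }
  return { ok: true, grantedScopes: [...req.requestedScopes] };
}

// Hardened shape: every scope being granted must already be held by the
// approver, so an operator can never delegate more privilege than it has.
function approveHardened(approver: Operator, req: PairRequest): PairResult {
  if (!approver.scopes.has(PAIRING_APPROVE_SCOPE)) {
    return { ok: false, grantedScopes: [], reason: "approver lacks pairing scope" };
  }
  const excess = req.requestedScopes.filter((s) => !approver.scopes.has(s));
  if (excess.length > 0) {
    return {
      ok: false,
      grantedScopes: [],
      reason: `requested scopes exceed approver's own: ${excess.join(", ")}`,
    };
  }
  return { ok: true, grantedScopes: [...req.requestedScopes] };
}

// Constructed scenario: a pairing-only operator approves a device request
// that asks for operator.admin. Returns both outcomes for comparison.
function demo(): { before: PairResult; after: PairResult } {
  const approver: Operator = {
    id: "op-1",
    scopes: new Set<Scope>([PAIRING_APPROVE_SCOPE, "operator.read"]),
  };
  const req: PairRequest = {
    deviceId: "node-7",
    requestedScopes: ["operator.read", "operator.admin"],
  };
  return { before: approveVulnerable(approver, req), after: approveHardened(approver, req) };
}

const outcome = demo();
console.log("vulnerable:", outcome.before);
console.log("hardened:  ", outcome.after);
```

The subset test is deliberately strict: a request for any scope the approver does not hold is rejected outright rather than silently trimmed, so a caller cannot probe which scopes would have been granted. In a real deployment the same rule should also be enforced wherever an approval is replayed or edited after the fact, not only at the first device.pair.approve call.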