TROYANOSYVIRUS
Back to CVEs

CVE-2026-32922

CRITICAL
9.9

Description

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin tokens for paired devices and achieve remote code execution on connected nodes via system.run or gain unauthorized gateway-admin access.

CVE Details

CVSS v3.1 Score9.9
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published3/29/2026
Last Modified3/31/2026
Sourcenvd
Honeypot Sightings0

Affected Products

openclaw:openclaw

Weaknesses (CWE)

CWE-266

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-4jpw-hj22-2xmc(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-unvalidated-scope-in-device-token-rotate(disclosure@vulncheck.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.