EUVD-2026-13933

CVE-2026-32042 | HIGH | 8.8 (CVSS 3.1)
2026-03-21 | VulnCheck | GHSA-r3gm-fv85-xjqj

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

PoC Detected: Mar 23, 2026 - 17:10 (vuln.today), Public exploit code
Analysis Generated: Mar 21, 2026 - 01:00 (vuln.today)
EUVD ID Assigned: Mar 21, 2026 - 01:00 (euvd), EUVD-2026-13933
Patch Released: Mar 21, 2026 - 01:00 (nvd), Patch available
CVE Published: Mar 21, 2026 - 00:42 (nvd), HIGH 8.8

Description

OpenClaw versions from 2026.2.22 and prior to 2026.2.25 contain a privilege escalation vulnerability that allows unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes, including operator.admin. Attackers with valid shared gateway authentication can present a self-signed unpaired device identity to request and obtain higher operator scopes before pairing approval is granted.

Analysis

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated attackers to bypass device pairing requirements and self-assign elevated operator.admin scopes. Attackers with valid shared gateway authentication credentials can present self-signed unpaired device identities to obtain administrator privileges before pairing approval is granted. …

Remediation

Within 24 hours: Identify all systems running OpenClaw 2026.2.22-2026.2.24 and assess exposure scope; notify relevant teams and restrict administrative access where possible. Within 7 days: Apply vendor patch to all affected OpenClaw instances and validate successful deployment through system testing. …

Priority Score

64
KEV: 0
EPSS: +0.1
CVSS: +44
POC: +20
