EUVD-2026-21108
GHSA-8vgj-c3fx-pprx
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.
Analysis
Privilege escalation in OpenClaw (versions prior to 2026.3.25) enables authenticated local attackers to silently elevate permissions from operator.read to operator.admin during shared-auth reconnection events, achieving remote code execution on affected nodes. The vulnerability exploits auto-approval of scope-upgrade requests in local reconnection flows, requiring low-privilege local access (PR:L) with no user interaction. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all OpenClaw deployments and document current versions in use. Within 7 days: Apply vendor patch to OpenClaw 2026.3.25 or later (commit 81ebc7e0344fd19c85778e883bad45e2da972229) to all affected instances, prioritizing systems with multiple local user accounts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today