CVE-2026-35625

HIGH

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Complexity

LOW

Privileges

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 4/9/2026Modified: 4/16/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (3)

https://github.com/openclaw/openclaw/commit/81ebc7e0344fd19c85778e883bad45e2da972229Patch https://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8Vendor Advisory https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-silent-local-shared-auth-reconnectThird Party Advisory