CVE-2026-35625

HIGH

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.

CVSS v3.1 Score

7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 4/9/2026Modified: 4/16/2026

Related Intelligence (1)

HIGHVulnerability

NVD HIGH: CVE-2026-35625 — OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where si...

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node.

CVE-2026-35625
NIST NVD

References (3)

https://github.com/openclaw/openclaw/commit/81ebc7e0344fd19c85778e883bad45e2da972229Patchhttps://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8Vendor Advisoryhttps://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-silent-local-shared-auth-reconnectThird Party Advisory