Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-32042

OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present a self-signed unpaired device identity to request and obtain higher operator scopes before pairing approval is granted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.2%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-32042
  • Openclaw » Openclaw » Version: 2026.2.22
    cpe:2.3:a:openclaw:openclaw:2026.2.22
  • Openclaw » Openclaw » Version: 2026.2.22-1
    cpe:2.3:a:openclaw:openclaw:2026.2.22-1
  • Openclaw » Openclaw » Version: 2026.2.22-2
    cpe:2.3:a:openclaw:openclaw:2026.2.22-2
  • Openclaw » Openclaw » Version: 2026.2.23
    cpe:2.3:a:openclaw:openclaw:2026.2.23
  • Openclaw » Openclaw » Version: 2026.2.24
    cpe:2.3:a:openclaw:openclaw:2026.2.24


Products
Pricing
Contact Us

Shodan ® - All rights reserved