Vulnerability Details CVE-2026-35663
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.0%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2026-35663
-
cpe:2.3:a:openclaw:openclaw:0.1.0
-
cpe:2.3:a:openclaw:openclaw:0.1.1
-
cpe:2.3:a:openclaw:openclaw:0.1.2
-
cpe:2.3:a:openclaw:openclaw:0.1.3
-
cpe:2.3:a:openclaw:openclaw:1.0.4
-
cpe:2.3:a:openclaw:openclaw:1.1.0
-
cpe:2.3:a:openclaw:openclaw:1.2.0
-
cpe:2.3:a:openclaw:openclaw:1.2.1
-
cpe:2.3:a:openclaw:openclaw:1.2.2
-
cpe:2.3:a:openclaw:openclaw:1.3.0
-
cpe:2.3:a:openclaw:openclaw:2.0.0
-
cpe:2.3:a:openclaw:openclaw:2026.1.10
-
cpe:2.3:a:openclaw:openclaw:2026.1.11
-
cpe:2.3:a:openclaw:openclaw:2026.1.11-1
-
cpe:2.3:a:openclaw:openclaw:2026.1.11-2
-
cpe:2.3:a:openclaw:openclaw:2026.1.11-3
-
cpe:2.3:a:openclaw:openclaw:2026.1.12
-
cpe:2.3:a:openclaw:openclaw:2026.1.12-2
-
cpe:2.3:a:openclaw:openclaw:2026.1.13
-
cpe:2.3:a:openclaw:openclaw:2026.1.14-1
-
cpe:2.3:a:openclaw:openclaw:2026.1.15
-
cpe:2.3:a:openclaw:openclaw:2026.1.16-2
-
cpe:2.3:a:openclaw:openclaw:2026.1.20
-
cpe:2.3:a:openclaw:openclaw:2026.1.21
-
cpe:2.3:a:openclaw:openclaw:2026.1.22
-
cpe:2.3:a:openclaw:openclaw:2026.1.23
-
cpe:2.3:a:openclaw:openclaw:2026.1.24
-
cpe:2.3:a:openclaw:openclaw:2026.1.24-1
-
cpe:2.3:a:openclaw:openclaw:2026.1.29
-
cpe:2.3:a:openclaw:openclaw:2026.1.30
-
cpe:2.3:a:openclaw:openclaw:2026.1.5
-
cpe:2.3:a:openclaw:openclaw:2026.1.5-1
-
cpe:2.3:a:openclaw:openclaw:2026.1.5-2
-
cpe:2.3:a:openclaw:openclaw:2026.1.5-3
-
cpe:2.3:a:openclaw:openclaw:2026.1.8
-
cpe:2.3:a:openclaw:openclaw:2026.1.9
-
cpe:2.3:a:openclaw:openclaw:2026.2.1
-
cpe:2.3:a:openclaw:openclaw:2026.2.12
-
cpe:2.3:a:openclaw:openclaw:2026.2.13
-
cpe:2.3:a:openclaw:openclaw:2026.2.14
-
cpe:2.3:a:openclaw:openclaw:2026.2.15
-
cpe:2.3:a:openclaw:openclaw:2026.2.17
-
cpe:2.3:a:openclaw:openclaw:2026.2.19
-
cpe:2.3:a:openclaw:openclaw:2026.2.2
-
cpe:2.3:a:openclaw:openclaw:2026.2.3
-
cpe:2.3:a:openclaw:openclaw:2026.2.6
-
cpe:2.3:a:openclaw:openclaw:2026.2.6-1
-
cpe:2.3:a:openclaw:openclaw:2026.2.6-2
-
cpe:2.3:a:openclaw:openclaw:2026.2.6-3
-
cpe:2.3:a:openclaw:openclaw:2026.2.9