PT-2026-26725 · Openclaw · Openclaw
Tdjackey
·
Publicado
2026-03-03
·
Atualizado
2026-03-22
·
CVE-2026-32042
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions 2026.2.22 through 2026.2.24
Description
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation issue. Unpaired device identities can bypass operator pairing requirements and self-assign elevated operator scopes, including
operator.admin. Attackers with valid shared gateway authentication can present a self-signed unpaired device identity to request and obtain higher operator scopes before pairing approval is granted.Recommendations
Update OpenClaw to version 2026.2.25 or later.
Correção
LPE
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openclaw