PT-2026-31761 · Openclaw · Openclaw
Peng Zhou · Published 2026-04-09 · Updated 2026-04-09
CVE-2026-35625

| CVSS v3.1 | Severity | Vector |
|---|---|---|
| 7.8 | High | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.25
Description
OpenClaw contains a privilege escalation issue where silent local shared-auth reconnects automatically approve scope-upgrade requests, increasing paired device permissions from operator.read to operator.admin. An attacker can trigger a local reconnection to escalate privileges and potentially achieve remote code execution on the node.
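The flaw class described above, as an added illustration that is not OpenClaw's code: a minimal model of a paired-device store in which a reconnecting device presents a scope list. All names (PairedDevice, handle_reconnect_vulnerable, handle_reconnect_fixed, approve_pending) are hypothetical; the weak handler lets a silent reconnect widen the device's scopes, while the hardened one restores only the scopes already held and parks any widening in a queue that an admin must approve.

```python
# Added example, not OpenClaw code. Models the advisory's scope-upgrade issue.
from dataclasses import dataclass, field

@dataclass
class PairedDevice:
    device_id: str
    scopes: set = field(default_factory=set)          # scopes granted at pairing
    pending_upgrade: set = field(default_factory=set) # widening awaiting approval

def handle_reconnect_vulnerable(device, requested_scopes, silent):
    """Weak behaviour: a silent shared-auth reconnect is treated as already
    trusted, so every requested scope is granted without a prompt."""
    if silent:
        device.scopes |= set(requested_scopes)
    return set(device.scopes)

def handle_reconnect_fixed(device, requested_scopes, silent):
    """Hardened behaviour: whether or not the reconnect is silent, only scopes
    the device already holds are restored; anything broader is queued."""
    upgrade = set(requested_scopes) - device.scopes
    if upgrade:
        device.pending_upgrade |= upgrade   # visible to an operator, never auto-granted
    return set(device.scopes)

def approve_pending(device, approver_scopes):
    """Explicit approval path: only a caller holding operator.admin may promote
    queued scopes; returns the device's effective scopes afterwards."""
    if "operator.admin" not in approver_scopes:
        raise PermissionError("scope upgrade requires an operator.admin approver")
    device.scopes |= device.pending_upgrade
    device.pending_upgrade.clear()
    return set(device.scopes)

if __name__ == "__main__":
    # Constructed sample: a device paired read-only asks for admin on reconnect.
    dev = PairedDevice("node-1", {"operator.read"})
    print(handle_reconnect_vulnerable(dev, ["operator.read", "operator.admin"], silent=True))
    dev = PairedDevice("node-1", {"operator.read"})
    print(handle_reconnect_fixed(dev, ["operator.read", "operator.admin"], silent=True))
    print(dev.pending_upgrade)
```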
Recommendations
Update to version 2026.3.25 or later.
Tags: Fix · LPE · RCE
Affected Products
Openclaw