PT-2026-31974 · Openclaw · Openclaw
Peng Zhou
·
Published
2026-04-10
·
Updated
2026-04-10
·
CVE-2026-35663
CVSS v3.1
8.8
High
| AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw