PT-2026-35810 · Openclaw · Openclaw

Keensecuritylab · Published 2026-04-09 · Updated 2026-04-28 · CVE-2026-42432

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.8

Description: A privilege escalation issue allows previously paired nodes to reconnect and send exec-capable commands without requiring the operator.admin scope. This enables attackers to bypass re-pairing authentication and execute privileged commands on the local assistant system.

Recommendations: Update to version 2026.4.8 or later.

Fix · LPE · Incorrect Authorization · Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related Identifiers: CVE-2026-42432, GHSA-5WJ5-87VQ-39XM

Affected Products: Openclaw