Privilege Escalation Vulnerability in OpenClaw Affects Non-Admin Operators
CVE-2026-35663
8.7HIGH
What is CVE-2026-35663?
OpenClaw versions prior to 2026.3.25 are susceptible to a privilege escalation flaw. This allows non-administrative users to request expanded scopes during backend reconnect processes. By circumventing established pairing protocols, attackers can assume administrative privileges without proper authorization, posing significant security risks to systems that rely on OpenClaw for managing operations.
Affected Version(s)
OpenClaw 0 < 2026.3.25
OpenClaw 2026.3.25