Lucene search
+L

8 matches found

cve
cve
added 2026/04/10 4:3 p.m.23 views

CVE-2026-35663

CVE-2026-35663 affects OpenClaw prior to 2026.3.25. A privilege-escalation vulnerability allows non-admin operators to self-request broader scopes during backend reconnect, bypassing pairing requirements and reconnecting as operator.admin to gain unauthorized administrative privileges. Impact is ...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/04/10 4:3 p.m.2 views

CVE-2026-35663

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/04/10 4:3 p.m.1 views

CVE-2026-35663 OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References3
osv
osv
added 2026/04/10 4:3 p.m.4 views

CVE-2026-35663 OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.7CVSS5.9AI score0.00276EPSS
Exploits0References5
cvelist
cvelist
added 2026/04/10 4:3 p.m.30 views

CVE-2026-35663 OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS0.00276EPSS
Exploits0References3
snyk
snyk
added 2026/03/27 10:29 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the backend reconnect process. An attacker can escalate privileges by reconnecting with non-admin operator scopes and self-claiming higher privileges such as...

9.6CVSS5.9AI score0.00276EPSS
Exploits0References3
osv
osv
added 2026/03/27 10:29 p.m.3 views

GHSA-9HJH-FR4F-GXC4 OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Summary Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Backend-labeled...

9.3CVSS5.9AI score0.00276EPSS
Exploits0References3
github
github
added 2026/03/27 10:29 p.m.8 views

OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Summary Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Backend-labeled...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder