5 matches found

NVD
added 2026/06/16 7:17 p.m., 10 views

CVE-2026-53862

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits...

CVSS: 5.4, EPSS: 0.00088
Exploits: 0, References: 2

CVE
added 2026/04/10 4:3 p.m., 17 views

CVE-2026-35663

CVE-2026-35663 affects OpenClaw prior to 2026.3.25. A privilege-escalation vulnerability allows non-admin operators to self-request broader scopes during backend reconnect, bypassing pairing requirements and reconnecting as operator.admin to gain unauthorized administrative privileges. Impact is ...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00276
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2026/03/31 3:16 p.m., 4 views

CVE-2026-33577

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

CVSS: 8.6, EPSS: 0.00379
Exploits: 0, References: 3

NVD
added 2026/03/29 1:17 p.m., 5 views

CVE-2026-32922

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin toke...

CVSS: 9.9, EPSS: 0.0054
Exploits: 0, References: 2

Positive Technologies
added 2026/03/27 12:0 a.m., 7 views

PT-2026-31974

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.25. Description: OpenClaw contains a privilege escalation issue that allows non-administrator users to request broader scopes during backend reconnection. This bypasses pairing requirements, enabling attackers t...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00276
Exploits: 0, References: 9