Lucene search
+L

8 matches found

euvd
euvd
added 2026/04/10 12:30 a.m.5 views

EUVD-2026-21108

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS6.5AI score0.00192EPSS
Exploits0References4
nvd
nvd
added 2026/04/09 10:16 p.m.5 views

CVE-2026-35625

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS0.00192EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/04/09 9:26 p.m.4 views

CVE-2026-35625 OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS6.4AI score0.00192EPSS
Exploits0References3
osv
osv
added 2026/04/09 9:26 p.m.3 views

CVE-2026-35625 OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS6.6AI score0.00192EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/04/09 9:26 p.m.2 views

CVE-2026-35625

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS6.5AI score0.00192EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/04/09 12:0 a.m.4 views

PT-2026-31761

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS6.5AI score0.00192EPSS
Exploits0References4
snyk
snyk
added 2026/03/27 10:29 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the gateway shared-auth reconnect process. An attacker can gain elevated privileges and execute arbitrary code by exploiting the auto-approval of scope-upgrade...

9.4CVSS6.2AI score0.00192EPSS
Exploits0References2
github
github
added 2026/03/27 10:29 p.m.10 views

OpenClaw: Silent privilege escalation via gateway shared-auth reconnect

Summary Gateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reach node RCE Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verificati...

5.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder