3 matches found
CVE-2026-35625
OpenClaw CVE-2026-35625 describes a privilege-escalation in OpenClaw up to version 2026.3.25 where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. The root cause is the auto-approval during silent lo...
OpenClaw: Silent privilege escalation via gateway shared-auth reconnect
Summary Gateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reach node RCE Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verificati...
GHSA-FQW4-MPH7-2VR8 OpenClaw: Silent privilege escalation via gateway shared-auth reconnect
Summary Gateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reach node RCE Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verificati...