Lucene search
+L

4 matches found

vulnrichment
vulnrichment
added 2026/03/29 12:44 p.m.3 views

CVE-2026-32922 OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin toke...

9.9CVSS6.5AI score0.0054EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/29 12:44 p.m.21 views

CVE-2026-32922 OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin toke...

9.9CVSS0.0054EPSS
Exploits0References2
osv
osv
added 2026/03/29 12:44 p.m.3 views

CVE-2026-32922 OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin toke...

9.4CVSS7.8AI score0.0054EPSS
Exploits0References4
cve
cve
added 2026/03/29 12:44 p.m.23 views

CVE-2026-32922

OpenClaw prior to 2026.3.11 contains a privilege escalation in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes than their own. The root cause is failure to constrain newly minted scopes to the caller’s current scope set. Attackers can obtain ...

9.9CVSS6.5AI score0.0054EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder