CVE-2026-32922 in OpenClawinformación

Resumen (Inglés)

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin tokens for paired devices and achieve remote code execution on connected nodes via system.run or gain unauthorized gateway-admin access.

Responsable

VulnCheck

Reservar

2026-03-16

Divulgación

2026-03-29

Voces

Fecha de publicación	Base	Temp	Vulnerabilidad	CWE	Prod	Exp	Con	EPSS	CTI	CVE
2026-03-29	8.1	7.9	OpenClaw device.token.rotate escalada de privilegios	266	Artificial Intelligence Software	No está definido	Arreglo oficial	0.00000	3.08-	CVE-2026-32922

Mostrar más

Descripción
Cambios
Inteligencia de amenazas
API/JSON

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!