CVE-2026-32922 in OpenClawinformation

Résumé (Anglaise)

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin tokens for paired devices and achieve remote code execution on connected nodes via system.run or gain unauthorized gateway-admin access.

Responsable

VulnCheck

Réserver

16/03/2026

Divulgation

29/03/2026

Entrées

Publié	Base	Temp	Vulnérabilité	CWE	Prod	Exp	Con	EPSS	CTI	CVE
29/03/2026	8.1	7.9	OpenClaw device.token.rotate élévation de privilèges	266	Artificial Intelligence Software	Non défini	Correctif officiel	0.00000	2.90+	CVE-2026-32922

Montrer plus

Description
Changements
Renseignements sur les menaces
API/JSON

◂ PrécédentAperçuSuivant ▸

Do you know our Splunk app?

Download it now for free!