Main Vulnerability Database Vulnerabilities #VU125087

#VU125087 Incorrect authorization in OpenClaw - CVE-2026-32042

Published: April 7, 2026

Vulnerability identifier: #VU125087

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-32042

CWE-ID: CWE-863

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OpenClaw

Software vendor:
OpenClaw

Description

The vulnerability allows a remote user to escalate privileges.

The vulnerability exists due to improper access control in the operator pairing and scope assignment logic when attaching an unpaired device identity using shared gateway authentication. A remote user can present a self-signed, unpaired device identity and request elevated operator scopes to escalate privileges.

The issue can allow assignment of higher operator scopes, including operator.admin, before pairing approval.

Remediation

Install security update from vendor's website.

External links

https://github.com/openclaw/openclaw/security/advisories/GHSA-553v-f69r-656j

#VU125087 Incorrect authorization in OpenClaw - CVE-2026-32042

Description

Remediation

External links

Please verify you're human