Zero Day Monitor (ZDM)
CVSS 8.8 · CVE-2026-35663 · EXPLOITED · PATCHED
Vendor/product: openclaw / openclaw

OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

Description

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges.

Affected Products

Vendor: openclaw
Product: openclaw
Versions: npm/openclaw: <= 2026.3.24

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor: open source
Product: openclaw
Source: cert_advisory
Confidence: 90%

References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-9hjh-fr4f-gxc4 (third-party-advisory)
  • https://github.com/openclaw/openclaw/commit/d3d8e316bd819d3c7e34253aeb7eccb2510f5f48 (patch)
  • https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-backend-reconnect-scope-self-claim (third-party-advisory)

Related News (2 articles)

Tier B · BSI Advisories · 5h ago
[NEW] [high] OpenClaw: Multiple vulnerabilities
→ No new info (linked only)
Tier C · VulDB · 2d ago
CVE-2026-35663 | OpenClaw up to 2026.3.24 operator.admin incorrect privileged apis (GHSA-9hjh-fr4f-gxc4)
→ No new info (linked only)
CVSS 3.1: 8.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA KEV: No
Actively exploited: Yes
Patch available: 2026.3.25
CWE: CWE-269, CWE-863
Published: Apr 10, 2026
Last enriched: 2d ago (v2)
Tags: CVE-2026-35663
Trending Score: 60
Source articles: 2
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-25253 · EXP · KEV
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
Trending: 98
CRITICAL · CVE-2026-35647 · EXP
OpenClaw < 2026.3.25 - Direct Message Policy Bypass via Verification Notices
Trending: 70
CRITICAL · CVE-2026-35669 · EXP
OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope
Trending: 60
NONE · CVE-2026-35668 · EXP
OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Parameters
Trending: 58
NONE · CVE-2026-35620 · EXP
OpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands
Trending: 53

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 10, 2026
Discovered by ZDM: Apr 10, 2026
Actively Exploited: Apr 10, 2026
Patch Available: Apr 10, 2026
Updated (severity, activelyExploited, tags): Apr 10, 2026

Version History

Current version: v2 (last enriched 2d ago)

v2 · Tier C · 2d ago
Updated severity to CRITICAL, marked as actively exploited, and added CVE-2026-35663 as a new tag.
Fields changed: severity, activelyExploited, tags
Source: VulDB

v1 · 3d ago
Initial creation