Platform: nodejs
Component: openclaw
Fixed in: 2026.3.11
CVE-2026-32922 is a critical privilege escalation vulnerability in OpenClaw. It allows an attacker who holds only the limited operator.pairing scope to escalate privileges by minting tokens with broader scopes that were never granted. The vulnerability affects OpenClaw versions 0 through 2026.3.11 and is resolved in version 2026.3.11.
The impact is severe. An attacker exploiting this flaw can mint tokens carrying elevated scopes, specifically operator.admin tokens, which in turn allow remote code execution on connected nodes via the system.run function or grant unauthorized gateway-admin access. Successful exploitation could therefore lead to complete compromise of the OpenClaw environment and potentially of the underlying infrastructure, a risk that is especially serious where OpenClaw manages sensitive data or critical operations.
CVE-2026-32922 was publicly disclosed on 2026-03-29. Its criticality (CVSS 9.9) indicates a high probability of exploitation. As of this writing, no public proof-of-concept (PoC) code has been released, but the ease of exploitation conveyed by the vulnerability description suggests that a PoC is likely to emerge. It is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS: 0.24% (47th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-32922 is to upgrade OpenClaw to version 2026.3.11 or later immediately. If an immediate upgrade is not feasible because of compatibility concerns or downtime requirements, consider implementing stricter token scope validation at the application level, so that a minted or rotated token never carries a scope beyond those its requester already holds; this is not a direct fix, but it limits the impact of improperly scoped tokens and reduces the attack surface. Review and audit existing token usage patterns to identify and restrict any unnecessarily broad scopes. After upgrading, verify the fix by attempting to mint a token with a scope exceeding the caller's current permissions; the operation should fail.
Update OpenClaw to version 2026.3.11 or later. This version fixes the privilege escalation vulnerability in the device.token.rotate function.
CVE-2026-32922 is a critical vulnerability in OpenClaw allowing attackers to escalate privileges by minting tokens with broader scopes, potentially leading to remote code execution.
Yes, if you are running OpenClaw versions 0 through 2026.3.11, you are affected by this vulnerability.
Upgrade OpenClaw to version 2026.3.11 or later to remediate the vulnerability. Consider stricter token scope validation as a temporary workaround.
While no active exploitation has been confirmed, the high CVSS score and ease of exploitation suggest a high probability of exploitation.
Refer to the official OpenClaw security advisory for detailed information and updates regarding CVE-2026-32922.