CVSS 7.1 · HIGH

CVE-2026-42429

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway auth route to gain unauthorized write access to runtime operations.

Analysis

This vulnerability in OpenClaw allows an attacker to escalate operator.read permissions to operator.write via a flaw in the gateway plugin authentication. Although the severity is high, OpenClaw is not a widely used infrastructure component or popular development tool within the community ecosystem.

Severity

Score: 7.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: LOW
I: HIGH
A: NONE
Weakness (CWE): CWE-863

EPSS

Probability of exploitation (next 30 days): 0.0006 (0.1%)
Percentile: 17.6%
EPSS: 2026-05-06

Affects

openclaw:openclaw

Published: 4/28/2026, 7:37:46 PM
Last modified: 4/30/2026, 2:06:05 PM
