CVSS 7.8 · HIGH

CVE-2026-42432

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability that allows previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system.

View on NVD

Analysis

OpenClaw is a specialized automation and assistant platform with limited adoption in the general developer community. Although the flaw lets a node that paired earlier reconnect and run exec-capable commands on the host without holding the operator.admin scope, the product is not widely used enough to warrant a community-wide alert. Exploitation requires local access and an already-paired node (AV:L, PR:L in the vector), which is consistent with the low EPSS score.
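The flaw class described above (CWE-863) is a pairing table used as the sole authorization source: once a node has paired, its prior pairing is treated as permission for everything, including exec-capable commands. The following is an added example written for this page, not OpenClaw's own code, and every name in it (Gateway, PairedNode, the command names and the scope set) is an assumption; only the scope name operator.admin comes from the advisory text. It places the vulnerable check beside a hardened one that requires operator.admin for exec-capable commands regardless of pairing history, and includes a helper that lists the reconnect attempts the vulnerable policy would let through.

```python
from dataclasses import dataclass, field

# Hypothetical exec-capable command names (assumption, not OpenClaw's real set).
EXEC_CAPABLE = frozenset({"system.run", "system.exec", "fs.write"})
# The only name taken from the advisory: the scope exec-capable commands need.
ADMIN_SCOPE = "operator.admin"


@dataclass
class PairedNode:
    """A node that completed pairing earlier, with the scopes granted at that time."""
    node_id: str
    scopes: frozenset = frozenset()


@dataclass
class Gateway:
    """Minimal gateway keeping a pairing table of node_id -> PairedNode (hypothetical)."""
    paired: dict = field(default_factory=dict)

    def pair(self, node_id: str, scopes) -> None:
        """Record a successful pairing and the scopes the operator approved."""
        self.paired[node_id] = PairedNode(node_id, frozenset(scopes))

    def authorize_vulnerable(self, node_id: str, command: str) -> bool:
        """CWE-863 pattern: prior pairing is treated as full authorization.

        Any node present in the pairing table may reconnect and issue any
        command, exec-capable ones included; the scope set is never consulted.
        """
        return node_id in self.paired

    def authorize_fixed(self, node_id: str, command: str) -> bool:
        """Hardened check: pairing proves identity, scopes decide capability."""
        node = self.paired.get(node_id)
        if node is None:
            return False  # unknown node must complete pairing first
        if command in EXEC_CAPABLE:
            # exec-capable commands need operator.admin no matter when the node paired
            return ADMIN_SCOPE in node.scopes
        return True


def find_policy_gaps(gw: Gateway, attempts):
    """Return (node_id, command) pairs the vulnerable policy allows but the fixed one denies.

    Useful as a review check: replay a list of reconnect attempts against both
    policies and see exactly which ones escalate past the node's scopes.
    """
    return [
        (node_id, command)
        for node_id, command in attempts
        if gw.authorize_vulnerable(node_id, command)
        and not gw.authorize_fixed(node_id, command)
    ]


if __name__ == "__main__":
    # Constructed sample: one read-only node, one admin node, one never paired.
    gw = Gateway()
    gw.pair("node-a", {"node.read"})
    gw.pair("node-b", {"node.read", ADMIN_SCOPE})
    attempts = [
        ("node-a", "node.status"),   # non-exec, allowed under both policies
        ("node-a", "system.run"),    # exec without operator.admin: the escalation
        ("node-b", "system.run"),    # exec with operator.admin: allowed under both
        ("node-c", "node.status"),   # never paired: denied under both
    ]
    for gap in find_policy_gaps(gw, attempts):
        print("escalation via prior pairing:", gap)
```

The distinction that matters is in authorize_fixed: membership in the pairing table answers "who is this node", while the scope set answers "what may it do", and the exec-capable branch consults the second even for a node that paired long ago.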

Severity

Score: 7.8 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-863 (Incorrect Authorization)

EPSS

Probability of exploitation (next 30 days): 0.0002 (0.02%)
Percentile: 6.5%
EPSS date: 2026-05-06

Affects

openclaw:openclaw

Published: 2026-04-28 19:37:47
Last modified: 2026-04-30 14:06:17
