Agents
OpenClaw CVE-2026-32922: CVSS 9.9 Privilege Escalation via Token Scope Bypass — 135K Exposed Instances
Published March 29, this critical privilege escalation in OpenClaw's device.token.rotate function allows any paired device with operator.pairing scope to mint tokens with unrestricted admin+RCE permissions. With 340K+ GitHub stars and 135K+ publicly exposed instances — 63% running without any authentication — this is one of the most severe agent infrastructure vulnerabilities by blast radius. Fixed in OpenClaw 2026.3.11. The combination of minimal prerequisites and maximum blast radius makes urgent patching critical for any OpenClaw deployment.
Source
↳ Follow the thread