LeakyCreds

CVE-2026-32042 - Vulnerability Analysis

High, CVSS: 8.8

Last Updated: March 23, 2026

OpenClaw - Privilege Escalation

Published: March 21, 2026 | Updated: March 23, 2026 | Remote Exploitable

Overview

OpenClaw < 2026.2.25 contains a privilege escalation vulnerability in authentication: unpaired device identities can bypass operator pairing, which lets attackers self-assign elevated operator scopes. Exploitation requires valid shared gateway authentication.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 10.8% (Probability of exploitation in next 30 days)

Impact

Attackers with valid shared gateway authentication can escalate privileges to operator.admin, compromising system control.

Mitigation

Update to version 2026.2.25 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 21, 2026

🟠 CVE-2026-32042 - High (8.8) OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers wi... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32042/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-32042
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: confirmed
EPSS: 10.8%
Social Posts: 1

CWE

  • CWE-863

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

10.8% (Probability of exploitation in the next 30 days)