CVE-2026-22172
Published: 20 March 2026
Summary
CVE-2026-22172 is a critical-severity Missing Authorization (CWE-862) vulnerability in Openclaw Openclaw. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires enforcement of approved authorizations for access to system resources, directly preventing self-declared elevated scopes from bypassing server-side binding in WebSocket connections.
Mandates timely identification, reporting, and correction of flaws like this authorization bypass vulnerability through patching to OpenClaw 2026.3.12 or later.
Enforces least privilege to limit low-privileged shared-token or password-authenticated users from performing admin-only operations even if they declare elevated scopes.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
AuthZ bypass in authenticated WebSocket path directly enables privilege escalation to admin scopes via exploitation of the logic flaw.
NVD Description
OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connections to self-declare elevated scopes without server-side binding. Attackers can exploit this logic flaw to present unauthorized scopes such as…
more
operator.admin and perform admin-only gateway operations.
Deeper analysisAI
CVE-2026-22172 is an authorization bypass vulnerability (CWE-862) in OpenClaw versions prior to 2026.3.12. The issue resides in the WebSocket connect path, where shared-token or password-authenticated connections can self-declare elevated scopes without server-side binding. This logic flaw enables attackers to present unauthorized scopes, such as operator.admin, and execute admin-only gateway operations. The vulnerability carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and high impacts.
Low-privileged attackers with existing shared-token or password-authenticated access can exploit this over the network without user interaction. By self-declaring elevated scopes during WebSocket connection, they bypass authorization checks to perform administrative actions on the gateway, potentially compromising confidentiality, integrity, and availability across the expanded scope.
Advisories recommend upgrading to OpenClaw version 2026.3.12 or later to mitigate the vulnerability by enforcing proper server-side scope binding. Detailed guidance is provided in the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-rqpp-rjj8-7wv8 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-scope-elevation-in-websocket-shared-auth-connections.
Details
- CWE(s)