Cyber Resilience

CVE-2026-32042

HighPublic PoC

Published: 21 March 2026

Published
21 March 2026
Modified
23 March 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0044 35.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-32042 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 35.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-3 (Device Identification and Authentication).

Deeper analysis

CVE-2026-32042 is a privilege escalation vulnerability (CWE-863: Incorrect Authorization) in OpenClaw versions 2026.2.22 prior to 2026.2.25. The issue allows unpaired device identities to bypass operator pairing requirements, enabling self-assignment of elevated operator scopes, including operator.admin.

Attackers with valid shared gateway authentication can exploit this vulnerability remotely over the network with low complexity, low privileges, and no user interaction. By presenting a self-signed unpaired device identity, they can request and obtain higher operator scopes before pairing approval is granted, resulting in high impacts to confidentiality, integrity, and availability, as reflected in the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Advisories recommend upgrading to OpenClaw version 2026.2.25 or later to mitigate the vulnerability. A fixing commit is available at https://github.com/openclaw/openclaw/commit/8d1481cb4a9d31bd617e52dc8c392c35689d9dea, with further details in the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-553v-f69r-656j and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-unpaired-device-identity-in-shared-gateway-authentication.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present a self-signed unpaired device identity…

more

to request and obtain higher operator scopes before pairing approval is granted.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Privilege escalation vulnerability (CWE-863) allows low-privileged remote attackers to bypass authorization and self-assign elevated operator.admin scopes, directly enabling Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-42429Same product: Openclaw Openclaw
CVE-2026-33579Same product: Openclaw Openclaw
CVE-2026-32915Same product: Openclaw Openclaw
CVE-2026-33577Same product: Openclaw Openclaw
CVE-2026-41404Same product: Openclaw Openclaw
CVE-2026-41344Same product: Openclaw Openclaw
CVE-2026-42432Same product: Openclaw Openclaw
CVE-2026-32918Same product: Openclaw Openclaw
CVE-2026-41371Same product: Openclaw Openclaw
CVE-2026-41379Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
2026.2.22 — 2026.2.25

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires identification and authentication of devices before establishing connections, preventing unpaired self-signed device identities from bypassing pairing and obtaining elevated scopes.

prevent

Enforces approved authorizations for access to resources, directly addressing the incorrect authorization that allows privilege escalation via unpaired device identities.

prevent

Limits privileges to the least necessary, mitigating the impact of self-assignment of elevated operator scopes including admin.

References