CVE-2026-35638
Published: 09 April 2026
Summary
CVE-2026-35638 is a high-severity Incorrect User Management (CWE-286) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 15.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-3 (Device Identification and Authentication).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for access to system resources, directly preventing unauthenticated sessions from retaining self-declared privileged scopes without verification.
Requires identification and authentication of devices before establishing connections, mitigating the bypass of device identity requirements in the trusted-proxy mechanism.
Employs least privilege to restrict processes and users to only necessary permissions, limiting the impact of privilege escalation via arbitrary scope declarations.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE explicitly describes a privilege escalation vulnerability (CWE-286) allowing low-privilege attackers to bypass authorization and retain elevated scopes via a trusted-proxy flaw, directly mapping to exploitation for privilege escalation.
NVD Description
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintain elevated permissions…
more
by declaring arbitrary scopes, bypassing device identity requirements.
Deeper analysisAI
CVE-2026-35638 is a privilege escalation vulnerability (CWE-286: Missing Authorization) in OpenClaw versions before 2026.3.22. The flaw exists in the Control UI, where unauthenticated sessions can retain self-declared privileged scopes without device identity verification. Attackers exploit a device-less allow path in the trusted-proxy mechanism to declare arbitrary scopes, bypassing required device identity checks and maintaining elevated permissions.
The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating network accessibility, low complexity, and a requirement for low privileges with no user interaction. An attacker with initial low-privilege access to the Control UI can escalate to arbitrary privileged scopes, achieving high impacts on confidentiality, integrity, and availability through unauthorized retention of elevated permissions.
Mitigation is available by upgrading to OpenClaw 2026.3.22 or later. Relevant patches are detailed in GitHub commits 630f1479c44f78484dfa21bb407cbe6f171dac87 and ccf16cd8892402022439346ae1d23352e3707e9e, with further guidance in the GitHub security advisory GHSA-48vw-m3qc-wr99 and VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-self-declared-scopes-in-trusted-proxy-control-ui.
Details
- CWE(s)