Cyber Resilience

CVE-2026-35638

HighPublic PoC

Published: 09 April 2026

Published
09 April 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0029 20.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-35638 is a high-severity Incorrect User Management (CWE-286) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-3 (Device Identification and Authentication).

Deeper analysis

CVE-2026-35638 is a privilege escalation vulnerability (CWE-286: Missing Authorization) in OpenClaw versions before 2026.3.22. The flaw exists in the Control UI, where unauthenticated sessions can retain self-declared privileged scopes without device identity verification. Attackers exploit a device-less allow path in the trusted-proxy mechanism to declare arbitrary scopes, bypassing required device identity checks and maintaining elevated permissions.

The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating network accessibility, low complexity, and a requirement for low privileges with no user interaction. An attacker with initial low-privilege access to the Control UI can escalate to arbitrary privileged scopes, achieving high impacts on confidentiality, integrity, and availability through unauthorized retention of elevated permissions.

Mitigation is available by upgrading to OpenClaw 2026.3.22 or later. Relevant patches are detailed in GitHub commits 630f1479c44f78484dfa21bb407cbe6f171dac87 and ccf16cd8892402022439346ae1d23352e3707e9e, with further guidance in the GitHub security advisory GHSA-48vw-m3qc-wr99 and VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-self-declared-scopes-in-trusted-proxy-control-ui.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintain elevated permissions…

more

by declaring arbitrary scopes, bypassing device identity requirements.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE explicitly describes a privilege escalation vulnerability (CWE-286) allowing low-privilege attackers to bypass authorization and retain elevated scopes via a trusted-proxy flaw, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-35663Same product: Openclaw Openclaw
CVE-2026-43578Same product: Openclaw Openclaw
CVE-2026-41404Same product: Openclaw Openclaw
CVE-2026-41344Same product: Openclaw Openclaw
CVE-2026-32057Same product: Openclaw Openclaw
CVE-2026-41299Same product: Openclaw Openclaw
CVE-2026-42432Same product: Openclaw Openclaw
CVE-2026-41371Same product: Openclaw Openclaw
CVE-2026-41329Same product: Openclaw Openclaw
CVE-2026-32060Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.3.22

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for access to system resources, directly preventing unauthenticated sessions from retaining self-declared privileged scopes without verification.

prevent

Requires identification and authentication of devices before establishing connections, mitigating the bypass of device identity requirements in the trusted-proxy mechanism.

prevent

Employs least privilege to restrict processes and users to only necessary permissions, limiting the impact of privilege escalation via arbitrary scope declarations.

References