CVE-2026-35645
Published: 09 April 2026
Summary
CVE-2026-35645 is a high-severity Incorrect Use of Privileged APIs (CWE-648) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 13.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces least privilege to prevent low-privileged attackers from escalating to synthetic operator.admin scope in the deleteSession function.
Mandates enforcement of approved authorizations, directly countering incorrect authorization and privilege rights usage in the gateway plugin subagent.
Requires timely remediation of flaws like CVE-2026-35645 through patching to OpenClaw 2026.3.25 or later, eliminating the vulnerable fallback deleteSession logic.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a privilege escalation flaw (CWE-648/863) allowing low-privileged authenticated users to execute admin-scoped operations via incorrect authorization in deleteSession, directly enabling T1068 Exploitation for Privilege Escalation.
NVD Description
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privileged operations with…
more
unintended administrative scope.
Deeper analysisAI
CVE-2026-35645 is a privilege escalation vulnerability in OpenClaw versions before 2026.3.25. The flaw exists in the gateway plugin subagent's fallback deleteSession function, which employs a synthetic operator.admin runtime scope. This issue, published on 2026-04-09, is associated with CWEs-648 (Incorrect Usage of Privilege Rights) and CWE-863 (Incorrect Authorization), and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
The vulnerability can be exploited by low-privileged users (PR:L) with network access (AV:N) and low attack complexity (AC:L), requiring no user interaction (UI:N). Attackers trigger session deletion without a request-scoped client, enabling execution of privileged operations under an unintended administrative scope and resulting in high impacts to integrity (I:H) and availability (A:H), with no confidentiality impact (C:N).
Advisories recommend upgrading to OpenClaw 2026.3.25 or later, where the vulnerability is fixed via the commit at https://github.com/openclaw/openclaw/commit/b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7. Further details on the issue and remediation are provided in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-h4jx-hjr3-fhgc and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-synthetic-operator-admin-in-deletesession.
Details
- CWE(s)