Cyber Resilience

CVE-2026-35645

MediumPublic PoC

Published: 09 April 2026

Published
09 April 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 6.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0028 19.6th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-35645 is a medium-severity Incorrect Use of Privileged APIs (CWE-648) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 19.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-35645 is a privilege escalation vulnerability in OpenClaw versions before 2026.3.25. The flaw exists in the gateway plugin subagent's fallback deleteSession function, which employs a synthetic operator.admin runtime scope. This issue, published on 2026-04-09, is associated with CWEs-648 (Incorrect Usage of Privilege Rights) and CWE-863 (Incorrect Authorization), and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).

The vulnerability can be exploited by low-privileged users (PR:L) with network access (AV:N) and low attack complexity (AC:L), requiring no user interaction (UI:N). Attackers trigger session deletion without a request-scoped client, enabling execution of privileged operations under an unintended administrative scope and resulting in high impacts to integrity (I:H) and availability (A:H), with no confidentiality impact (C:N).

Advisories recommend upgrading to OpenClaw 2026.3.25 or later, where the vulnerability is fixed via the commit at https://github.com/openclaw/openclaw/commit/b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7. Further details on the issue and remediation are provided in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-h4jx-hjr3-fhgc and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-synthetic-operator-admin-in-deletesession.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privileged operations with…

more

unintended administrative scope.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability is a privilege escalation flaw (CWE-648/863) allowing low-privileged authenticated users to execute admin-scoped operations via incorrect authorization in deleteSession, directly enabling T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-35663Same product: Openclaw Openclaw
CVE-2026-42429Same product: Openclaw Openclaw
CVE-2026-33579Same product: Openclaw Openclaw
CVE-2026-32915Same product: Openclaw Openclaw
CVE-2026-35625Same product: Openclaw Openclaw
CVE-2026-33577Same product: Openclaw Openclaw
CVE-2026-41404Same product: Openclaw Openclaw
CVE-2026-41344Same product: Openclaw Openclaw
CVE-2026-42432Same product: Openclaw Openclaw
CVE-2026-41329Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.3.25

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces least privilege to prevent low-privileged attackers from escalating to synthetic operator.admin scope in the deleteSession function.

prevent

Mandates enforcement of approved authorizations, directly countering incorrect authorization and privilege rights usage in the gateway plugin subagent.

prevent

Requires timely remediation of flaws like CVE-2026-35645 through patching to OpenClaw 2026.3.25 or later, eliminating the vulnerable fallback deleteSession logic.

References