Cyber Resilience

CVE-2026-35663

HighPublic PoC

Published: 10 April 2026

Published
10 April 2026
Modified
13 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0028 19.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-35663 is a high-severity Incorrect Use of Privileged APIs (CWE-648) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 19.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-35663, published on 2026-04-10, is a privilege escalation vulnerability in OpenClaw versions before 2026.3.25. It enables non-admin operators to self-request broader scopes during backend reconnects, bypassing pairing requirements to reconnect as operator.admin and gain unauthorized administrative privileges. The issue is rated with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-648.

Low-privileged users, specifically non-admin operators, can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation allows attackers to elevate privileges to full administrative access, potentially compromising confidentiality, integrity, and availability of the affected system to a high degree.

Advisories recommend upgrading to OpenClaw 2026.3.25 or later, where the vulnerability is addressed via a fix in GitHub commit d3d8e316bd819d3c7e34253aeb7eccb2510f5f48. Further details on the issue and remediation are available in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-9hjh-fr4f-gxc4 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-backend-reconnect-scope-self-claim.

EU & UK References

Vulnerability details

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE explicitly describes a privilege escalation vulnerability allowing non-admin operators to bypass restrictions and gain administrative privileges via self-requested broader scopes during reconnects.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-41329Same product: Openclaw Openclaw
CVE-2026-35625Same product: Openclaw Openclaw
CVE-2026-35669Same product: Openclaw Openclaw
CVE-2026-35639Same product: Openclaw Openclaw
CVE-2026-35645Same product: Openclaw Openclaw
CVE-2026-41386Same product: Openclaw Openclaw
CVE-2026-35638Same product: Openclaw Openclaw
CVE-2026-43578Same product: Openclaw Openclaw
CVE-2026-41404Same product: Openclaw Openclaw
CVE-2026-41344Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.3.25

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces least privilege by restricting non-admin operators from self-requesting or obtaining broader admin scopes during backend reconnects.

prevent

Requires enforcement of approved access authorizations to block unauthorized privilege escalation via self-claimed scopes on reconnect.

prevent

Mandates re-authentication prior to privilege changes, preventing bypass of pairing requirements during backend reconnects to gain admin access.

References