CVE-2026-42429
Published: 28 April 2026
Summary
CVE-2026-42429 is a medium-severity Incorrect Authorization (CWE-863) vulnerability in OpenClaw. Its CVSS base score is 6.0 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 20.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2026-42429, published on 2026-04-28, is a privilege escalation vulnerability (CWE-863) rated at CVSS 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N) affecting OpenClaw versions before 2026.4.8. The issue resides in the gateway plugin's HTTP authentication mechanism, which improperly widens identity-bearing operator.read requests into runtime operator.write permissions.
An attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity and no user interaction by sending read-scoped requests through the gateway auth route. Successful exploitation grants unauthorized write access to runtime operations, resulting in high integrity impact while causing low confidentiality impact and no availability impact.
Mitigation is available via the patch in OpenClaw commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5, which corresponds to version 2026.4.8. Additional details on remediation are provided in the GitHub security advisory at GHSA-4f8g-77mw-3rxc and the VulnCheck advisory.
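To make the read-to-write widening described above concrete, here is an added illustration in TypeScript. It is not OpenClaw's code: the request shape, the operation-to-scope mapping and the function names are assumptions; only the scope names operator.read and operator.write come from the advisory. The flawed resolver sits beside the corrected one.

```typescript
// Added illustration, not OpenClaw's code. Request shape, operation names
// and function names are assumptions; the two scope names are from the CVE.
type Scope = "operator.read" | "operator.write";

// Constructed model of an authenticated gateway request: the scopes the
// token was actually granted, plus an optional caller identity.
interface AuthedRequest {
  identity?: string;   // e.g. an operator id bound to the token
  scopes: Scope[];     // scopes granted to the token, nothing more
}

// Constructed mapping from runtime operation to the scope it requires.
const REQUIRED: Partial<Record<string, Scope>> = {
  "runtime.status": "operator.read",
  "runtime.exec": "operator.write",
};

// Flawed resolver in the style of the advisory: carrying an identity is
// treated as proof of operator privilege, so a read-scoped token is widened
// to write. Every identity-bearing read-only token therefore passes.
function authorizeFlawed(req: AuthedRequest, op: string): boolean {
  const effective = new Set<Scope>(req.scopes);
  if (req.identity && effective.has("operator.read")) {
    effective.add("operator.write"); // the bug: read -> write widening
  }
  const needed = REQUIRED[op];
  return needed !== undefined && effective.has(needed);
}

// Corrected resolver (the AC-3 / AC-6 stance): the decision is made per
// request solely from the granted scopes; identity never adds a scope and
// unknown operations fail closed.
function authorizeFixed(req: AuthedRequest, op: string): boolean {
  const needed = REQUIRED[op];
  if (needed === undefined) return false;
  return req.scopes.includes(needed);
}

// Constructed sample: an identity-bearing, read-only operator token.
const readOnlyOperator: AuthedRequest = {
  identity: "operator-42",
  scopes: ["operator.read"],
};
```

With the sample token, authorizeFlawed permits "runtime.exec" while authorizeFixed denies it and still permits "runtime.status".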
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26131
Vulnerability details
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway auth route to gain unauthorized write access to runtime operations.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE explicitly describes a privilege escalation vulnerability (CWE-863) in the gateway plugin's HTTP authentication mechanism, allowing low-privileged users to improperly gain write permissions from read-scoped requests, directly mapping to exploitation for privilege escalation.
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly enforces correct authorization decisions so that operator.read-scoped requests cannot be escalated to operator.write permissions via the gateway auth route.
- AC-6 (Least Privilege): Requires that identities are granted only the minimum privileges needed, preventing the read-to-write permission widening described in the CVE.
- Ensures access-control decisions are made consistently and correctly for each request, blocking the flawed gateway plugin logic that converts read requests into write access.