OpenClaw Privilege Escalation Vulnerability Allowing Remote Code Execution
Vulnerability
A privilege escalation vulnerability has been identified in OpenClaw versions prior to 2026.3.25. This vulnerability allows silent local shared-auth reconnects to automatically approve scope-upgrade requests, thereby increasing paired device permissions from 'operator.read' to 'operator.admin'. Exploitation of this vulnerability can lead to unauthorized privilege escalation and remote code execution on the affected node.
Impact
Exploitation of this vulnerability allows for unauthorized privilege escalation, with paired device permissions being silently upgraded to 'operator.admin'. This elevated privilege can then be used to execute arbitrary code on the affected node, according to the GitHub Security Advisory.
Reproduction
The vulnerability can be reproduced by initiating a silent local shared-auth reconnection for a device paired with 'operator.read' permissions. This will automatically upgrade the device's permissions to 'operator.admin'. Once the permissions are upgraded, arbitrary code can be executed on the node with the elevated privileges.
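The defect described above, modeled as an added TypeScript example (not OpenClaw's own code; the device record shape, the registry, the pending-approval list and the device identifier are assumptions): a vulnerable reconnect handler that adopts whatever scope the reconnecting device asks for, beside a hardened one that treats shared auth as proof of identity only and never widens scope without a separate, explicit approval.

```typescript
// Added example, not OpenClaw's code: a minimal model of the advisory's defect,
// where a silent shared-auth reconnect is treated as approval of a scope upgrade.
type Scope = "operator.read" | "operator.admin";
const RANK: Record<Scope, number> = { "operator.read": 0, "operator.admin": 1 };

interface PairedDevice { id: string; scope: Scope; sharedAuth: string; }
interface ReconnectRequest { deviceId: string; sharedAuth: string; requestedScope: Scope; }
type Registry = Map<string, PairedDevice>;

// Constructed sample registry: one device paired read-only (hypothetical id and secret).
function makeRegistry(): Registry {
  const reg: Registry = new Map();
  reg.set("dev-1", { id: "dev-1", scope: "operator.read", sharedAuth: "shared-secret-A" });
  return reg;
}

// Shared auth proves the reconnecting party holds the pairing secret, nothing more.
function authenticate(reg: Registry, req: ReconnectRequest): PairedDevice | null {
  const dev = reg.get(req.deviceId);
  if (!dev || dev.sharedAuth !== req.sharedAuth) return null;
  return dev;
}

// VULNERABLE pattern: a successful reconnect adopts whatever scope the request
// names, so a device paired as operator.read silently becomes operator.admin.
function reconnectVulnerable(reg: Registry, req: ReconnectRequest): Scope | null {
  const dev = authenticate(reg, req);
  if (!dev) return null;
  dev.scope = req.requestedScope;
  return dev.scope;
}

// HARDENED pattern: a reconnect may keep or narrow scope, never widen it. A wider
// request is recorded for explicit operator approval and doubles as an audit
// signal, since a benign reconnect has no reason to ask for more than it had.
function reconnectHardened(reg: Registry, pending: ReconnectRequest[], req: ReconnectRequest): Scope | null {
  const dev = authenticate(reg, req);
  if (!dev) return null;
  if (RANK[req.requestedScope] > RANK[dev.scope]) {
    pending.push(req);   // scope upgrade needs a separate, explicit approval
    return dev.scope;    // session continues with the previously granted scope
  }
  dev.scope = req.requestedScope;
  return dev.scope;
}
```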
Remediation
Users can upgrade to OpenClaw version 2026.3.25 or later to address this vulnerability.
