CVE Catalog

CVE-2026-41386

Critical
Published: Translated: NVD NIST

Summary

OpenClaw before version 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope.

Risk Assessment

Organizations may be exposed to unauthorized access to systems and data, potentially leading to serious security breaches.

Recommendation

It is recommended to update OpenClaw to version 2026.3.22 or later to mitigate this vulnerability and review device pairing procedures.

Original NVD description (English source)

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS