OpenClaw disclosed two high-severity vulnerabilities affecting versions before 2026.2.21 and 2026.3.25, exposing gateway routes to unauthorized access and privilege escalation. CVE-2026-32045 is an authentication bypass in HTTP gateway routes caused by incorrect application of tokenless Tailscale header authentication, allowing attackers on trusted networks to reach protected routes without valid tokens or passwords. The issue is tracked as CWE-290 and carries a CVSS v3.1 vector of AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating a confidentiality-focused impact.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
A high-severity OpenClaw vulnerability, CVE-2026-35663, was publicly disclosed affecting versions before 2026.3.25. The privilege escalation flaw in the backend reconnect process allowed non-admin operators to self-request broader scopes, bypass pairing requirements, and reconnect as operator.admin.
CVE-2026-35669 was publicly disclosed on April 10, 2026 as a high-severity OpenClaw privilege escalation vulnerability. It was classified as CWE-648 and described as allowing a low-privileged attacker to obtain operator.admin runtime scope and perform unauthorized actions.
The privilege escalation vulnerability later assigned CVE-2026-35669 was received by disclosure@vulncheck.com on April 10, 2026. The flaw involved improper authentication scope handling in OpenClaw plugin HTTP routes.
OpenClaw addressed CVE-2026-35669 in version 2026.3.25, fixing a privilege escalation flaw in gateway-authenticated plugin HTTP routes that incorrectly minted the operator.admin runtime scope. The bug affected versions before 2026.3.25 and could let low-privileged users gain elevated administrative capabilities.
A high-severity vulnerability, CVE-2026-32045, was disclosed for OpenClaw on March 21, 2026. The issue was classified as CWE-290 and described as enabling unauthorized access to HTTP gateway routes without valid authentication credentials.
OpenClaw addressed CVE-2026-32045 in version 2026.2.21, fixing an authentication bypass in HTTP gateway routes caused by incorrect application of tokenless Tailscale header authentication. The flaw affected versions prior to 2026.2.21 and could allow attackers on trusted networks to access routes without valid tokens or passwords.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
cvefeed.io
Open sourcecvefeed.io
Open sourcecvefeed.io
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.