CVE-2026-42432

· NIST NVD ↗

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system.

HIGH
CVSS severity
7.8
CVSS base score
2026-04-28
Published

CWE codes

CWE-863

Affected products

openclaw:openclaw

Sources