Goal Reached Thanks to every supporter โ€” we hit 100%!

Goal: 1000 CNY ยท Raised: 1336 CNY

100%

CVE-2026-32922 โ€” AI Deep Analysis Summary

CVSS 9.9 ยท Critical

Q1What is this vulnerability? (Essence + Consequences)

๐Ÿšจ **Essence**: OpenClaw < 2026.3.11 has a critical privilege escalation flaw in `device.token.rotate`.โ€ฆ

Q2Root Cause? (CWE/Flaw)

๐Ÿ›ก๏ธ **CWE**: CWE-266 (Incorrect Privilege Assignment). ๐Ÿ” **Flaw**: The `device.token.rotate` endpoint fails to validate scopes properly.โ€ฆ

Q3Who is affected? (Versions/Components)

๐Ÿ“ฆ **Product**: OpenClaw (Open-source AI Assistant). ๐Ÿ“… **Affected Versions**: All versions prior to **2026.3.11**. โœ… **Fixed Version**: 2026.3.11 and later. ๐Ÿข **Vendor**: OpenClaw.

Q4What can hackers do? (Privileges/Data)

๐Ÿ”“ **Privileges**: Escalates from `operator.pairing` to `operator.admin`. ๐Ÿ–ฅ๏ธ **Impact**: Full Remote Code Execution (RCE) on the node.โ€ฆ

Q5Is exploitation threshold high? (Auth/Config)

๐Ÿ”‘ **Auth Required**: Yes, but low barrier. ๐Ÿ“‰ **Threshold**: Low. The attacker only needs `operator.pairing` permissions. ๐ŸŒ **Network**: Network-accessible (AV:N). ๐Ÿšช **UI**: No user interaction needed (UI:N).

Q6Is there a public Exp? (PoC/Wild Exploitation)

๐Ÿšซ **Public Exploit**: No public PoC or wild exploitation detected yet. ๐Ÿ“ **Status**: POCs list is empty in the advisory.โ€ฆ

Q7How to self-check? (Features/Scanning)

๐Ÿ” **Check**: Verify your OpenClaw version. ๐Ÿ“‹ **Action**: If running < 2026.3.11, you are vulnerable. ๐Ÿ›ก๏ธ **Scan**: Look for the `device.token.rotate` API endpoint usage.โ€ฆ

Q8Is it fixed officially? (Patch/Mitigation)

โœ… **Fixed**: Yes! Official patch released in version **2026.3.11**. ๐Ÿ“ฅ **Action**: Upgrade immediately. ๐Ÿ”— **Ref**: See GitHub Security Advisory GHSA-4jpw-hj22-2xmc for details. ๐Ÿ› ๏ธ

Q9What if no patch? (Workaround)

๐Ÿšง **Workaround**: If you cannot patch immediately, restrict `operator.pairing` permissions strictly. ๐Ÿšซ **Mitigation**: Disable `device.token.rotate` if possible.โ€ฆ

Q10Is it urgent? (Priority Suggestion)

๐Ÿ”ด **Priority**: CRITICAL (CVSS 9.8). ๐Ÿš€ **Urgency**: Patch ASAP. โšก **Reason**: RCE is possible with minimal initial access. ๐Ÿ“ข **Recommendation**: Treat as immediate action item for all OpenClaw deployments.