Q: Who is affected? (Versions/Components)

📦 **Product**: OpenClaw (Open-source AI Assistant). 📅 **Affected Versions**: All versions prior to **2026.3.11**. ✅ **Fixed Version**: 2026.3.11 and later. 🏢 **Vendor**: OpenClaw.

Q: Is exploitation threshold high? (Auth/Config)

🔑 **Auth Required**: Yes, but low barrier. 📉 **Threshold**: Low. The attacker only needs `operator.pairing` permissions. 🌐 **Network**: Network-accessible (AV:N). 🚪 **UI**: No user interaction needed (UI:N).

Q: Is it fixed officially? (Patch/Mitigation)

✅ **Fixed**: Yes! Official patch released in version **2026.3.11**. 📥 **Action**: Upgrade immediately. 🔗 **Ref**: See GitHub Security Advisory GHSA-4jpw-hj22-2xmc for details. 🛠️

Q: Is it urgent? (Priority Suggestion)

🔴 **Priority**: CRITICAL (CVSS 9.8). 🚀 **Urgency**: Patch ASAP. ⚡ **Reason**: RCE is possible with minimal initial access. 📢 **Recommendation**: Treat as immediate action item for all OpenClaw deployments.

Question 1

What is this vulnerability? (Essence + Consequences)

Accepted Answer

🚨 **Essence**: OpenClaw < 2026.3.11 has a critical privilege escalation flaw in `device.token.rotate`.…

Question 2

Root Cause? (CWE/Flaw)

Accepted Answer

🛡️ **CWE**: CWE-266 (Incorrect Privilege Assignment). 🔍 **Flaw**: The `device.token.rotate` endpoint fails to validate scopes properly.…

Question 3

Who is affected? (Versions/Components)

Accepted Answer

📦 **Product**: OpenClaw (Open-source AI Assistant). 📅 **Affected Versions**: All versions prior to **2026.3.11**. ✅ **Fixed Version**: 2026.3.11 and later. 🏢 **Vendor**: OpenClaw.

Question 4

What can hackers do? (Privileges/Data)

Accepted Answer

🔓 **Privileges**: Escalates from `operator.pairing` to `operator.admin`. 🖥️ **Impact**: Full Remote Code Execution (RCE) on the node.…

Question 5

Is exploitation threshold high? (Auth/Config)

Accepted Answer

🔑 **Auth Required**: Yes, but low barrier. 📉 **Threshold**: Low. The attacker only needs `operator.pairing` permissions. 🌐 **Network**: Network-accessible (AV:N). 🚪 **UI**: No user interaction needed (UI:N).

Question 6

Is there a public Exp? (PoC/Wild Exploitation)

Accepted Answer

🚫 **Public Exploit**: No public PoC or wild exploitation detected yet. 📝 **Status**: POCs list is empty in the advisory.…

Question 7

How to self-check? (Features/Scanning)

Accepted Answer

🔍 **Check**: Verify your OpenClaw version. 📋 **Action**: If running < 2026.3.11, you are vulnerable. 🛡️ **Scan**: Look for the `device.token.rotate` API endpoint usage.…

Question 8

Is it fixed officially? (Patch/Mitigation)

Accepted Answer

✅ **Fixed**: Yes! Official patch released in version **2026.3.11**. 📥 **Action**: Upgrade immediately. 🔗 **Ref**: See GitHub Security Advisory GHSA-4jpw-hj22-2xmc for details. 🛠️

Question 9

What if no patch? (Workaround)

Accepted Answer

🚧 **Workaround**: If you cannot patch immediately, restrict `operator.pairing` permissions strictly. 🚫 **Mitigation**: Disable `device.token.rotate` if possible.…

Question 10

Is it urgent? (Priority Suggestion)

Accepted Answer

🔴 **Priority**: CRITICAL (CVSS 9.8). 🚀 **Urgency**: Patch ASAP. ⚡ **Reason**: RCE is possible with minimal initial access. 📢 **Recommendation**: Treat as immediate action item for all OpenClaw deployments.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-32922 — AI Deep Analysis Summary

Q1What is this vulnerability? (Essence + Consequences)

Q2Root Cause? (CWE/Flaw)

Q3Who is affected? (Versions/Components)

Q4What can hackers do? (Privileges/Data)

Q5Is exploitation threshold high? (Auth/Config)

Q6Is there a public Exp? (PoC/Wild Exploitation)

Q7How to self-check? (Features/Scanning)

Q8Is it fixed officially? (Patch/Mitigation)

Q9What if no patch? (Workaround)

Q10Is it urgent? (Priority Suggestion)

Continue exploring