CVE-2026-32922 Overview
CVE-2026-32922 is a critical privilege escalation vulnerability in OpenClaw before version 2026.3.11. The flaw exists in the device.token.rotate function, which fails to properly constrain newly minted token scopes to the caller's current scope set. This allows attackers with operator.pairing scope to mint tokens with broader scopes than intended, potentially obtaining operator.admin tokens for paired devices. Successful exploitation can lead to remote code execution on connected nodes via system.run or unauthorized gateway-admin access.
Critical Impact
Attackers with limited operator.pairing scope can escalate privileges to operator.admin, enabling remote code execution on connected nodes and unauthorized administrative access to gateways.
Affected Products
- OpenClaw versions prior to 2026.3.11
- OpenClaw Node.js implementations
Discovery Timeline
- 2026-03-29 - CVE-2026-32922 published to NVD
- 2026-03-31 - Last updated in NVD database
Technical Details for CVE-2026-32922
Vulnerability Analysis
This vulnerability stems from incorrect privilege assignment (CWE-266) in the token rotation mechanism. The device.token.rotate function is designed to refresh authentication tokens for paired devices. However, the implementation fails to validate that newly requested scopes are a subset of the caller's existing scope set.
When an authenticated user with operator.pairing scope calls the token rotation endpoint, they can specify arbitrary scopes in the request. The function does not perform scope boundary checks, allowing the minting of tokens with elevated privileges such as operator.admin. This design flaw creates a direct path from limited pairing privileges to full administrative control.
The vulnerability is network-accessible and requires only low privileges to exploit, making it particularly dangerous in environments where OpenClaw manages device authentication across distributed nodes.
Root Cause
The root cause is the absence of scope validation logic in the device.token.rotate function. The token minting process accepts scope parameters from the request without verifying that they fall within the boundaries of the caller's current authorization. A correct implementation performs a subset check before minting: every requested scope must already be held by the caller (equivalently, the new token may carry at most the intersection of the requested scopes and the caller's current scopes), so a rotation can keep or narrow a scope set but never widen it.
Attack Vector
Exploitation requires an attacker to possess a valid token with operator.pairing scope. The attacker then makes a request to the device.token.rotate endpoint, specifying elevated scopes such as operator.admin in the token request. Since no validation occurs, the system mints a new token with the requested elevated privileges.
With operator.admin access, the attacker can invoke system.run to execute arbitrary commands on connected nodes, effectively achieving remote code execution. Alternatively, the attacker can leverage gateway-admin privileges to manipulate routing, intercept traffic, or pivot to other systems in the network.
The attack can be performed remotely over the network and does not require user interaction. For technical implementation details, refer to the GitHub Security Advisory and VulnCheck Advisory.
Detection Methods for CVE-2026-32922
Indicators of Compromise
- Tokens issued with operator.admin scope to principals that previously only held operator.pairing scope
- Unusual calls to system.run from device tokens that should have limited privileges
- Token rotation requests containing scope parameters exceeding the caller's authorization
- Unexpected administrative actions performed by paired device identities
Detection Strategies
- Monitor token rotation logs for scope escalation patterns where output token scopes exceed input token scopes
- Implement alerting on any system.run invocations from device tokens
- Audit access control logs for gateway-admin operations performed by non-administrative principals
- Deploy behavioral analysis to identify tokens performing actions outside their expected privilege boundaries
Monitoring Recommendations
- Enable detailed logging for all device.token.rotate endpoint calls, capturing both input and output scopes
- Configure SIEM rules to correlate token issuance events with subsequent privileged operations
- Establish baseline behavior for paired devices and alert on deviations
- Review token scope distributions periodically to identify anomalous privilege accumulation
How to Mitigate CVE-2026-32922
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.11 or later immediately
- Audit existing tokens for scope violations and revoke any token whose scopes exceed those of the token it was rotated from; do not assume the upgrade invalidates tokens that were already minted with elevated scopes
- Review logs for evidence of exploitation prior to patching
- Implement network segmentation to limit exposure of OpenClaw endpoints
Patch Information
The vulnerability is resolved in OpenClaw version 2026.3.11. The patch introduces proper scope boundary validation in the device.token.rotate function, ensuring that newly minted tokens cannot contain scopes that exceed the caller's current authorization. Organizations should apply this update immediately and confirm the running version on every OpenClaw instance.
For detailed patch information, consult the GitHub Security Advisory.
Workarounds
- Restrict network access to the device.token.rotate endpoint using firewall rules or API gateway policies; note that this only helps against callers outside the allowed networks, since the attacker already holds an operator.pairing token and may be a paired device inside them
- Implement additional authorization middleware that validates scope boundaries before requests reach OpenClaw; this is only feasible where the middleware can resolve the caller's token to its current scope set
- Disable the token rotation feature temporarily if not operationally critical
- Deploy Web Application Firewall rules to block token rotation requests containing scope parameters; this also blocks legitimate rotations that request a scope change, so pair it with a plan to re-enable rotation after patching
# Example: restrict access to the token-rotation endpoint via nginx until patched.
# The URI below is a placeholder: confirm the path (or WebSocket upgrade
# location) that your deployment actually exposes for device.token.rotate,
# since the method name is not necessarily a URL path.
location /api/device/token/rotate {
    # Limit to internal networks only until patched
    allow 10.0.0.0/8;
    allow 172.16.0.0/12;
    allow 192.168.0.0/16;
    deny all;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


