PatchSiren cyber security CVE debrief
CVE-2026-42432 OpenClaw CVE debrief
OpenClaw versions prior to 2026.4.8 contain a privilege escalation vulnerability in the node pairing and reconnection mechanism. A previously paired node can reconnect to the local assistant system and execute commands with elevated privileges without holding the operator.admin scope. The flaw is insufficient authentication and authorization validation during the reconnection phase: a node that was paired once can skip the re-pairing step and issue exec-capable commands that should have required the scope. This affects Node.js deployments of OpenClaw. The issue was disclosed on 2026-04-28 and the NVD record was last modified on 2026-05-26. A patch is available that enforces scope verification during node reconnection.
- Vendor: OpenClaw
- Product: OpenClaw (per the CPE criterion openclaw:openclaw, Node.js target)
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-28
- Original CVE updated: 2026-05-26
- Advisory published: 2026-04-28
- Advisory updated: 2026-05-26
Who should care
Organizations running OpenClaw Node.js deployments with distributed node architectures, particularly those that rely on node pairing to dispatch commands to the assistant. Security teams managing IoT or edge computing environments that use OpenClaw for device orchestration. DevOps engineers responsible for OpenClaw infrastructure hardening and access control policies.
Technical summary
The vulnerability exists in OpenClaw's node pairing mechanism: a node that was authenticated once can reconnect without going through re-pairing. The reconnection protocol does not verify that the reconnecting node holds the operator.admin scope before accepting exec-capable commands, so being paired is effectively treated as being privileged. A low-privileged attacker who controls a previously paired node (or holds its pairing credential) can therefore escalate and execute arbitrary commands on the local assistant system. The attack requires local access or prior compromise of a paired node; once that prerequisite is met, attack complexity is low. The fix in version 2026.4.8 enforces scope validation during the reconnection handshake.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade OpenClaw to version 2026.4.8 or later to remediate the privilege escalation vulnerability
- Review and audit previously paired nodes for unauthorized access or suspicious command execution; re-pair or remove nodes that cannot be accounted for, since the bypass depends on an existing pairing
- Implement network segmentation to limit node-to-assistant communication to trusted networks
- Monitor for reconnections by previously paired nodes that are immediately followed by exec-capable commands, especially from nodes that were never granted the operator.admin scope
- Apply principle of least privilege by restricting node pairing capabilities to authorized administrative accounts only
Evidence notes
The CVE description confirms privilege escalation via bypass of the operator.admin scope requirement during node reconnection. The CVSS 4.0 vector (AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H) indicates a local attack vector, low attack complexity, attack requirements present (here, an existing pairing), low privileges required, no user interaction, and high impact to confidentiality, integrity, and availability. CWE-863 (Incorrect Authorization) is identified as a secondary weakness. The CPE match criterion confirms the affected versions: openclaw:openclaw:*:*:*:*:*:node.js:*:* with versionEndExcluding 2026.4.8.
Official resources
- CVE-2026-42432 CVE record (CVE.org)
- CVE-2026-42432 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference (NVD tag: Patch)
- Mitigation or vendor reference (NVD tag: Vendor Advisory)
- Mitigation or vendor reference (NVD tag: Third Party Advisory)
2026-04-28T19:37:47.190Z