CVE-2026-35639: OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve
(updated )
device.pair.approve allowed an operator.pairing approver to approve a pending device request for broader operator scopes than the approver actually held.
References
- github.com/advisories/GHSA-hf68-49fm-59cq
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87
- github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4
- github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq
- nvd.nist.gov/vuln/detail/CVE-2026-35639
- www.vulncheck.com/advisories/openclaw-privilege-escalation-via-device-pair-approve-scope-validation
Code Behaviors & Features
Detect and mitigate CVE-2026-35639 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →