CVE-2026-32922: Critical Severity Vulnerability Disclosed
Summary
OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin tokens
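An added illustration (not OpenClaw's source) of the missing check: the scope-subset constraint that a hardened `device.token.rotate` applies, shown beside the unconstrained behaviour the advisory describes. The types, function names and token shape are assumptions; only the scope names come from the advisory.

```typescript
// Illustrative model, not OpenClaw's code. Types, function names and the
// token shape are assumed; scope names are the ones the advisory mentions.

type Scope = "operator.pairing" | "operator.read" | "operator.write" | "operator.admin";

interface DeviceToken {
  deviceId: string;
  scopes: Scope[];
}

interface RotateResult {
  ok: boolean;
  token?: DeviceToken;
  // Scopes requested beyond the caller's current set. A non-empty value is
  // exactly what a defender wants logged and alerted on.
  rejectedScopes?: Scope[];
}

function dedupe(scopes: Scope[]): Scope[] {
  return scopes.filter((s, i) => scopes.indexOf(s) === i);
}

// Pre-fix behaviour as the advisory describes it: whatever scopes the caller
// asks for are minted as-is, so a pairing-only caller can request operator.admin.
function rotateUnconstrained(current: DeviceToken, requested?: Scope[]): RotateResult {
  const wanted = dedupe(requested ?? current.scopes);
  return { ok: true, token: { deviceId: current.deviceId, scopes: wanted } };
}

// Hardened form: every scope on the new token must already be held by the
// caller. Omitting `requested` simply carries the current scopes forward,
// and asking for fewer scopes (narrowing) is still allowed.
function rotateConstrained(current: DeviceToken, requested?: Scope[]): RotateResult {
  const wanted = dedupe(requested ?? current.scopes);
  const rejected = wanted.filter((s) => current.scopes.indexOf(s) === -1);
  if (rejected.length > 0) {
    return { ok: false, rejectedScopes: rejected };
  }
  return { ok: true, token: { deviceId: current.deviceId, scopes: wanted } };
}

// Constructed sample input: a device token that holds only the pairing scope.
const pairingOnly: DeviceToken = { deviceId: "dev-example-1", scopes: ["operator.pairing"] };

console.log(rotateUnconstrained(pairingOnly, ["operator.admin"]).token?.scopes);
console.log(rotateConstrained(pairingOnly, ["operator.admin"]).rejectedScopes);
```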
Threat Analysis
**CVE ID:** CVE-2026-32922

**CVSS Score:** 9.9 (CRITICAL)
**Recommended Mitigations:**

- Review and apply vendor security updates
- Monitor for signs of exploitation
- Implement network segmentation and access controls
- Enable logging and monitoring for affected systems