CVE-2026-32922

OpenClaw · OpenClaw

A privilege escalation vulnerability in OpenClaw's token rotation mechanism allows users with limited pairing scopes to mint high-privilege administrative tokens and achieve remote code execution.

Executive summary

OpenClaw versions prior to 2026.3.11 contain a critical privilege escalation flaw that allows authenticated attackers to gain administrative control and execute remote code on connected nodes.

Vulnerability

The device.token.rotate function fails to properly constrain newly minted scopes to the caller's existing permissions. This allows an authenticated attacker with operator.pairing scope to escalate their privileges to operator.admin, subsequently enabling remote code execution via the system.run function.
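To make the root cause concrete, here is an added illustration (not OpenClaw's code) of the pattern the advisory describes: a rotate call that mints whatever scopes the caller asks for, beside a hardened version that rejects any scope the caller does not already hold. The type and function names (`Token`, `rotateTokenVulnerable`, `rotateTokenFixed`, `canInvokeSystemRun`, `node.read`) are assumptions made for this example; only the scope names `operator.pairing` and `operator.admin` and the method names `device.token.rotate` and `system.run` come from the advisory.

```typescript
// Constructed illustration of the scope-constraint defect; not OpenClaw's implementation.
// Scope and field names other than operator.pairing / operator.admin are assumptions.

type Scope = "operator.pairing" | "operator.admin" | "node.read";

interface Token {
  id: string;
  subject: string;
  scopes: Scope[];
}

let tokenCounter = 0;

// Mints a fresh token for the same subject; the policy decision lives in the callers below.
function mintToken(subject: string, scopes: Scope[]): Token {
  tokenCounter += 1;
  return { id: `tok-${tokenCounter}`, subject, scopes: [...scopes] };
}

// Vulnerable pattern (stands in for the unpatched device.token.rotate behaviour):
// the requested scope list is trusted as-is, so a pairing-only caller can ask for admin.
function rotateTokenVulnerable(current: Token, requested: Scope[]): Token {
  return mintToken(current.subject, requested);
}

// Hardened pattern: the new token may carry only scopes the caller already holds.
// Rotation can narrow or keep privileges, never widen them.
function rotateTokenFixed(current: Token, requested: Scope[]): Token {
  const held = new Set<Scope>(current.scopes);
  const excess = requested.filter((s) => !held.has(s));
  if (excess.length > 0) {
    throw new Error(`scope escalation rejected: ${excess.join(", ")}`);
  }
  return mintToken(current.subject, requested);
}

// Authorization gate for the admin-only method named in the advisory.
function canInvokeSystemRun(token: Token): boolean {
  return token.scopes.includes("operator.admin");
}

// Walk-through with a constructed pairing-only token.
function demo(): { vulnerableEscalated: boolean; fixedRejected: boolean } {
  const pairingOnly = mintToken("user-1", ["operator.pairing"]);

  // Unpatched path: the minted token now passes the system.run gate.
  const minted = rotateTokenVulnerable(pairingOnly, ["operator.admin"]);

  // Patched path: the same request is refused before any token is minted.
  let fixedRejected = false;
  try {
    rotateTokenFixed(pairingOnly, ["operator.admin"]);
  } catch {
    fixedRejected = true;
  }

  return { vulnerableEscalated: canInvokeSystemRun(minted), fixedRejected };
}
```

The check in `rotateTokenFixed` is a subset test: the set of requested scopes must be contained in the set of scopes the presenting token already carries. Any rotation endpoint that derives a new credential from an old one needs this property, or the rotation path becomes an escalation path.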

Business impact

This vulnerability poses a severe risk to organizational security, as it allows a low-privileged user to seize full control of the OpenClaw gateway and connected nodes. The CVSS score of 9.9 reflects the high impact on system integrity and the potential for complete unauthorized access to sensitive operational environments.

Remediation

Immediate Action: Update OpenClaw to version 2026.3.11 or later to ensure that token rotation strictly adheres to scope constraints.

Proactive Monitoring: Audit all recently minted tokens and review audit logs for any instances of operator.pairing users successfully invoking administrative functions or the system.run command.

Compensating Controls: Implement strict identity and access management (IAM) policies and utilize a least-privilege model to limit the number of users with pairing capabilities.
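The audit step under Proactive Monitoring can be turned into a repeatable review. The following added example (not OpenClaw's code) walks a constructed JSON-lines audit log and reports two things: rotations whose minted scopes exceed the caller's scopes, and `system.run` invocations made with a token that came out of such a rotation. The log layout and the field names (`event`, `caller_scopes`, `minted_scopes`, `minted_token`, `token`, `method`) are assumptions for this example; the method and scope names come from the advisory.

```typescript
// Constructed audit-log review; the record format is an assumption, not OpenClaw's format.

interface AuditEvent {
  ts: string;
  event: "device.token.rotate" | "invoke";
  caller_token?: string;
  caller_scopes?: string[];
  minted_token?: string;
  minted_scopes?: string[];
  token?: string;
  method?: string;
}

interface Finding {
  ts: string;
  kind: "scope_escalation" | "system_run_via_escalated_token";
  detail: string;
}

// Constructed sample: one legitimate rotation, one escalating rotation,
// one system.run call with the escalated token, one with a genuine admin token.
const SAMPLE_LOG: string = [
  '{"ts":"2026-03-12T09:00:00Z","event":"device.token.rotate","caller_token":"tok-a","caller_scopes":["operator.pairing"],"minted_token":"tok-b","minted_scopes":["operator.pairing"]}',
  '{"ts":"2026-03-12T09:05:00Z","event":"device.token.rotate","caller_token":"tok-c","caller_scopes":["operator.pairing"],"minted_token":"tok-d","minted_scopes":["operator.admin"]}',
  '{"ts":"2026-03-12T09:06:00Z","event":"invoke","token":"tok-d","method":"system.run"}',
  '{"ts":"2026-03-12T09:07:00Z","event":"invoke","token":"tok-admin","method":"system.run"}',
].join("\n");

function parseAuditLog(text: string): AuditEvent[] {
  return text
    .split("\n")
    .filter((line) => line.trim().length > 0)
    .map((line) => JSON.parse(line) as AuditEvent);
}

function reviewAuditLog(events: AuditEvent[]): Finding[] {
  const findings: Finding[] = [];
  // Tokens minted with more privilege than their issuer held.
  const escalatedTokens = new Set<string>();

  for (const e of events) {
    if (e.event === "device.token.rotate") {
      const held = new Set<string>(e.caller_scopes ?? []);
      const excess = (e.minted_scopes ?? []).filter((s) => !held.has(s));
      if (excess.length > 0 && e.minted_token) {
        escalatedTokens.add(e.minted_token);
        findings.push({
          ts: e.ts,
          kind: "scope_escalation",
          detail: `${e.caller_token ?? "?"} minted ${e.minted_token} with extra scopes: ${excess.join(", ")}`,
        });
      }
    } else if (e.event === "invoke" && e.method === "system.run") {
      if (e.token && escalatedTokens.has(e.token)) {
        findings.push({
          ts: e.ts,
          kind: "system_run_via_escalated_token",
          detail: `${e.token} invoked system.run after an escalating rotation`,
        });
      }
    }
  }
  return findings;
}
```

Run the review over the full retention window, not just the days since the patch, because a token minted before the upgrade remains valid until it is revoked; any token listed under `scope_escalation` should be revoked along with anything rotated from it.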

Exploitation status

Public Exploit Available: false

Analyst recommendation

This privilege escalation vulnerability is a critical threat to the OpenClaw ecosystem. Administrators must apply the latest security patches immediately to prevent attackers from bypassing authorization controls and gaining full remote code execution capabilities across the network.