CVE-2026-32922: Critical Privilege Escalation in OpenClaw Token Rotation
A critical privilege escalation vulnerability identified as CVE-2026-32922 has been disclosed in OpenClaw versions prior to 2026.3.11. The flaw exists in the device.token.rotate endpoint, which fails to constrain the scopes of newly minted tokens to the caller's existing scope set. An attacker holding an operator.pairing token — a low-privilege credential used for device onboarding — can exploit this vulnerability to issue themselves a token with operator.admin scope, achieving complete platform administrative access.
The vulnerability carries a CVSS v3.1 score of 9.9 (Critical) and is classified under CWE-269 — Improper Privilege Management, reflecting a systemic failure to enforce scope inheritance during token rotation operations.
Vulnerability Overview
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-32922 |
| CVSS Score | 9.9 (Critical) |
| CWE Classification | CWE-269 — Improper Privilege Management |
| Affected Software | OpenClaw before 2026.3.11 |
| Vulnerable Endpoint | device.token.rotate |
| Vulnerable Scope | operator.pairing |
| Achievable Escalation | operator.admin |
| Attack Vector | Network (Remote) |
| Authentication Required | Yes — operator.pairing token |
| Exploit Complexity | Low |
| Patch Available | Yes — upgrade to OpenClaw 2026.3.11 or later |
Technical Details
Affected Component
The vulnerability resides in the token rotation mechanism of OpenClaw's device management API. The device.token.rotate endpoint is intended to allow devices to refresh their access tokens while preserving the same privilege level. However, the endpoint does not validate that the newly requested scopes are a subset of the caller's current scope set.
Exploitation Mechanism
When an authenticated operator with an operator.pairing token calls device.token.rotate and specifies broader scopes in the rotation request, the server issues the requested token without validating scope constraints:
```http
POST /api/device/token/rotate HTTP/1.1
Authorization: Bearer <operator.pairing_token>
Content-Type: application/json

{
  "requested_scopes": ["operator.admin", "operator.pairing", "device.manage"]
}
```
Because the server omits scope-limiting validation against the caller's current privilege set, it returns a token granting the requested operator.admin scope. The attacker now holds a credential with full administrative access to the OpenClaw deployment.
Attack Flow
1. Attacker obtains a low-privilege operator.pairing token (e.g., via device provisioning, credential theft, or insider access)
2. Attacker calls device.token.rotate with operator.admin in the requested_scopes list
3. OpenClaw server fails to check that requested_scopes ⊆ current_token_scopes
4. Server issues a new token containing operator.admin scope
5. Attacker uses the elevated token to access admin-only API endpoints
6. Full platform compromise: device management, configuration, user data, and admin functions
Scope Inheritance Failure Context
Modern token-based authorization systems — OAuth 2.0, JWT, and custom implementations — rely on the principle that a token can never grant more privilege than the token used to create it. This is the fundamental security property of scope inheritance:
- A token with scope `read:profile` should never be usable to obtain a token with scope `admin:all`
- Rotation endpoints are especially dangerous because they involve the server actively issuing new credentials
- Without strict scope validation, any token-rotation endpoint becomes a privilege escalation primitive
The CVSS score of 9.9 reflects the low complexity of exploitation, the network-accessible attack vector, and the complete confidentiality, integrity, and availability impact that results from obtaining operator.admin access.
Remediation
Immediate Action Required
Upgrade OpenClaw to version 2026.3.11 or later. This release adds scope-constraint validation to the device.token.rotate endpoint, ensuring that any requested scope set is strictly validated against the caller's current scope set before issuance.
Mitigations for Unpatched Deployments
- Disable or restrict the `device.token.rotate` endpoint at the reverse proxy or firewall level until the patch can be applied
- Audit existing tokens — review issued tokens for any `operator.admin` credentials that were obtained by operators who should only hold `operator.pairing` scope
- Revoke suspicious tokens — invalidate any tokens that appear to have been escalated beyond their original scope
- Monitor access logs for `device.token.rotate` calls that resulted in elevated-scope token issuance
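The last mitigation, monitoring for rotations that issued more scope than the caller held, is straightforward to implement once the gateway or application log records both the caller's scopes and the issued scopes. The following is an added example, not OpenClaw code or any vendor-supplied detection: the JSON-lines log format, its field names (`endpoint`, `actor`, `caller_scopes`, `issued_scopes`, `status`) and the sample events are all constructed for illustration and must be mapped onto whatever your deployment actually emits.

```python
"""
Added example (not OpenClaw code): detection logic for the "monitor access
logs" mitigation. The JSON log format and field names are constructed for
illustration; map them onto whatever your gateway or OpenClaw emits.
"""
import json

# Constructed sample log lines: a legitimate narrowing rotation, a same-scope
# rotation, one escalation, an unrelated request, a malformed line, and a
# rotation that a patched server refused with 403.
SAMPLE_LOG = """\
{"ts":"2026-03-10T08:01:12Z","endpoint":"device.token.rotate","actor":"op-17","caller_scopes":["operator.admin","operator.pairing"],"issued_scopes":["operator.pairing"],"status":200}
{"ts":"2026-03-10T08:02:40Z","endpoint":"device.token.rotate","actor":"op-22","caller_scopes":["operator.pairing"],"issued_scopes":["operator.pairing"],"status":200}
{"ts":"2026-03-10T08:03:05Z","endpoint":"device.token.rotate","actor":"op-31","caller_scopes":["operator.pairing"],"issued_scopes":["operator.admin","operator.pairing","device.manage"],"status":200}
{"ts":"2026-03-10T08:03:09Z","endpoint":"device.list","actor":"op-31","caller_scopes":["operator.pairing"],"status":200}
this line is not json
{"ts":"2026-03-10T08:04:00Z","endpoint":"device.token.rotate","actor":"op-40","caller_scopes":["operator.pairing"],"issued_scopes":["operator.admin"],"status":403}
"""


def parse_events(text):
    """Yield one dict per well-formed JSON line; skip anything unparseable."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: skipped rather than aborting the scan
        event["_line"] = lineno
        yield event


def find_escalations(text, endpoint="device.token.rotate"):
    """Return rotation events whose issued scopes exceed the caller's scopes.

    Only successful issuances (status 200) count: a 403 from a patched
    server is the fix working, not an escalation."""
    findings = []
    for event in parse_events(text):
        if event.get("endpoint") != endpoint or event.get("status") != 200:
            continue
        caller = set(event.get("caller_scopes", []))
        issued = set(event.get("issued_scopes", []))
        excess = issued - caller  # scopes the caller did not already hold
        if excess:
            findings.append({
                "line": event["_line"],
                "ts": event.get("ts"),
                "actor": event.get("actor"),
                "excess_scopes": sorted(excess),
            })
    return findings


def actors_to_review(text):
    """Distinct actors that obtained escalated scopes, as input to the token audit."""
    return sorted({f["actor"] for f in find_escalations(text)})


if __name__ == "__main__":
    for finding in find_escalations(SAMPLE_LOG):
        print(f"line {finding['line']} {finding['ts']} actor={finding['actor']} "
              f"gained={','.join(finding['excess_scopes'])}")
```

Run against the constructed sample, only the `op-31` rotation is reported, with `operator.admin` and `device.manage` as the gained scopes; the actors it returns are the ones whose outstanding tokens the audit step above should revoke first. Denied (403) attempts are deliberately excluded from the escalation list, but on a patched server they are still worth a separate alert as evidence that someone tried.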
Code-Level Fix Pattern
The remediation implemented in 2026.3.11 validates the requested scopes before issuance:
```
// Pseudocode — scope validation added in 2026.3.11
function rotateToken(caller_token, requested_scopes):
    caller_scopes = getTokenScopes(caller_token)
    // Validate: requested_scopes must be a subset of caller_scopes
    if not requested_scopes.isSubsetOf(caller_scopes):
        return Error(403, "Requested scopes exceed caller's current scope set")
    return issueToken(requested_scopes)
```
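To make the pattern concrete, here is an added, runnable example (not OpenClaw's code) that places the pre-fix behaviour beside the hardened one in a minimal in-memory token service. The token store, the opaque token format, the `RotationError` class and the function names are assumptions for illustration; the only thing taken from the advisory is the check itself: the requested scope set must be a subset of the caller's current scope set.

```python
"""
Added example (not OpenClaw code): a minimal in-memory token service that
shows the rotation flaw described in CVE-2026-32922 beside the hardened form.
Token format, store layout and function names are assumptions for illustration.
"""
import secrets

# Constructed token store: opaque token -> set of granted scopes.
# "pairing-token" stands in for a caller holding only operator.pairing.
TOKENS = {
    "pairing-token": {"operator.pairing"},
    "admin-token": {"operator.admin", "operator.pairing", "device.manage"},
}


class RotationError(Exception):
    """Raised with an HTTP-style status when rotation is refused."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def _issue_token(scopes):
    """Mint an opaque token bound to exactly the given scopes.

    A production rotation would also invalidate the caller's old token here;
    that step is omitted to keep the example focused on scope handling."""
    token = secrets.token_urlsafe(16)
    TOKENS[token] = set(scopes)
    return token


def rotate_token_vulnerable(caller_token, requested_scopes):
    """Pre-2026.3.11 behaviour: authenticates the caller but never compares
    requested_scopes against the caller's own scope set."""
    if caller_token not in TOKENS:
        raise RotationError(401, "unknown token")
    return _issue_token(requested_scopes)


def rotate_token_fixed(caller_token, requested_scopes):
    """Hardened behaviour: the new scope set must be a subset of the caller's.

    An empty or missing request defaults to the caller's own scopes, so a
    rotation can only ever preserve or narrow privilege, never widen it."""
    caller_scopes = TOKENS.get(caller_token)
    if caller_scopes is None:
        raise RotationError(401, "unknown token")
    requested = set(requested_scopes) if requested_scopes else set(caller_scopes)
    if not requested <= caller_scopes:
        excess = sorted(requested - caller_scopes)
        raise RotationError(403, f"requested scopes exceed caller's scope set: {excess}")
    return _issue_token(requested)


def rotation_status(handler, caller_token, requested_scopes):
    """Run a handler and summarise the outcome as (status, scopes):
    200 with the new token's scopes on success, the error status otherwise."""
    try:
        new_token = handler(caller_token, requested_scopes)
    except RotationError as err:
        return err.status, None
    return 200, TOKENS[new_token]


if __name__ == "__main__":
    escalation = ["operator.admin", "operator.pairing"]
    print("vulnerable:", rotation_status(rotate_token_vulnerable, "pairing-token", escalation))
    print("fixed:     ", rotation_status(rotate_token_fixed, "pairing-token", escalation))
```

With the same pairing token and the same request, the vulnerable handler hands back a token carrying `operator.admin`, while the fixed handler refuses with 403 and names the excess scopes. Two details matter beyond the bare subset test: the check runs against the scopes bound to the presented token, not against anything client-supplied, and an empty request falls back to the caller's existing scopes rather than issuing a scope-less token.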
Impact Assessment
| Impact Area | Description |
|---|---|
| Privilege Escalation | Any operator.pairing holder can obtain operator.admin tokens |
| Full Platform Compromise | Admin scope grants access to all management functions |
| Data Exfiltration | Admin access enables reading all device and user data |
| Configuration Tampering | Attackers can modify platform settings and access controls |
| Persistence | Attacker-issued tokens can be used to create additional admin accounts |
| Exploit Barrier | Very low — any valid pairing token is sufficient |
Key Takeaways
- CVE-2026-32922 is a CVSS 9.9 critical privilege escalation flaw in OpenClaw prior to version 2026.3.11
- The `device.token.rotate` endpoint fails to enforce scope inheritance, allowing an `operator.pairing` token to be exchanged for an `operator.admin` token
- The attack requires only a valid low-privilege token and a single API call — no advanced techniques required
- Upgrade to OpenClaw 2026.3.11 immediately; organizations that cannot patch should disable or firewall the token rotation endpoint
- Any token issued via the rotation endpoint should be treated as potentially compromised until a token audit is completed