Privilege-Escalation

CVE-2026-33579 is a critical privilege escalation vulnerability in OpenClaw (CVSS 8.1–9.8) that allowed anyone with operator.pairing scope — the lowest permission level — to silently grant themselves full admin access. It was patched in v2026.3.28, but the exploit leaves no obvious trace. Security experts recommend that any OpenClaw instance running a pre-patch version should be treated as potentially compromised, even without visible evidence of breach. This checklist walks you through the full audit process. ...

If you’re running a self-hosted OpenClaw instance and haven’t patched in the last week, stop what you’re doing. Security researchers are using a phrase that should make any sysadmin’s stomach drop: “assume compromise.” That’s not alarmism. It’s a measured response to CVE-2026-33579 — a critical privilege escalation vulnerability in OpenClaw that was patched earlier this week, but not before potentially exposing thousands of installations to silent, undetectable admin takeover. What Is CVE-2026-33579? The vulnerability affects all versions of OpenClaw prior to v2026.3.28. Its CVSS score ranges from 8.1 to 9.8 depending on the metric used — squarely in the “critical” band. ...

If you’re running OpenClaw, stop what you’re doing and read this. Oasis Security’s research team published threat research today revealing a critical vulnerability chain in OpenClaw that enables attackers to achieve full workstation compromise — potentially including privilege escalation and credential theft — initiated entirely from a browser tab. This is a distinct and separate issue from the GHSA-mr32 CVE batch that was patched earlier this month. Compounding the urgency: SecurityScorecard has identified more than 40,000 exposed OpenClaw instances accessible from the public internet. ...