
Two More Privilege Escalation Flaws - Here's What They Mean and How to Patch Both at Once


April 14, 2026 - 3 min read - By Andres - Updated April 14, 2026

OpenClaw just disclosed two more privilege escalation vulnerabilities - one critical, one high severity - and both are fixed in the same update you should already be running.

TL;DR: CVE-2026-33579 (CVSS 9.8) lets any user with pairing access self-approve full admin control. CVE-2026-35669 (CVSS 8.8) grants admin-level permissions to authenticated users through plugin routes regardless of what access they were actually assigned. Both are fixed in version 2026.3.25. If you haven't updated, do it now.

What actually happened?

Here's the thing. OpenClaw has a permission system - think of it kind of like hotel key cards. You get a card that opens your room and the gym, but not the penthouse or the security office. These two vulnerabilities broke that system in different ways.

The first one, CVE-2026-33579, is the bigger deal. A user with basic pairing privileges - basically someone who can connect a new device to your setup - could run a single command to approve themselves as a full administrator. No extra steps, no exploits needed. Just "I'd like admin access, please" and the system said "sure." This is the sixth time in six weeks that researchers have found essentially the same design flaw in OpenClaw's pairing system. Six variants. Same root problem. That's not a bug - that's a pattern.

The second one, CVE-2026-35669, is a different flavor of the same failure. When you use OpenClaw plugins that connect through the gateway, every authenticated request was automatically upgraded to full admin-level access. It didn't matter what permissions you were actually assigned. The best way to think of it is as a building where every employee badge opens every door - even the ones marked "authorized personnel only."
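To make the two failure patterns concrete, here is a small authorization model written for this post, not OpenClaw's own code: the names `Principal`, `Session`, the role strings and every function are hypothetical. Each flaw is shown as the broken check beside the check that closes it: pairing approval must come from an existing administrator who is not the requester, and a plugin route must carry a session's assigned roles through unchanged rather than widening them.

```python
from dataclasses import dataclass

ADMIN, PAIRING = "admin", "pairing"  # hypothetical role names


@dataclass
class Principal:
    name: str
    roles: frozenset = frozenset()  # roles actually assigned to this user


@dataclass
class Session:
    principal: Principal
    authenticated: bool


def approve_pairing_vulnerable(requester, approver):
    # CVE-2026-33579 pattern: anyone with pairing access, the requester included, can approve
    if PAIRING not in approver.roles:
        raise PermissionError("pairing access required")
    return requester.roles | {ADMIN}


def approve_pairing_fixed(requester, approver, requested):
    # Approval needs an existing admin who is a different principal than the requester,
    # and it grants only the roles that were requested, not a blanket admin upgrade
    if ADMIN not in approver.roles:
        raise PermissionError("only an administrator may approve")
    if approver.name == requester.name:
        raise PermissionError("a request cannot be self-approved")
    return requester.roles | requested


def plugin_roles_vulnerable(session):
    # CVE-2026-35669 pattern: "authenticated" is silently treated as "admin"
    if not session.authenticated:
        raise PermissionError("authentication required")
    return frozenset({ADMIN})


def plugin_roles_fixed(session):
    # Pass the assigned roles through unchanged; never widen them at the route boundary
    if not session.authenticated:
        raise PermissionError("authentication required")
    return session.principal.roles
```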

Why should you care?

Both of these are privilege escalation flaws. That means someone who already has some access - even limited access - can quietly upgrade themselves to full control. They can read your files, modify your automations, access whatever your OpenClaw instance connects to. And researchers estimate over 42,000 OpenClaw instances are publicly exposed, with 63% running without gateway authentication at all.

What should you do right now?

Here's what I want you to do:

  1. Check your version. If you're running anything below 2026.3.25, you're exposed to both flaws. Update today.
  2. Turn on gateway authentication. If it's off, anyone can reach your instance. That's not a configuration choice - it's an open door.
  3. Audit who has pairing access. The fewer people who can pair devices, the smaller your attack surface.
