Technical description
OpenClaw, a widely deployed open-source AI agent platform with over 340,000 GitHub stars, patched a CVSS 8.7 privilege escalation vulnerability (CVE-2026-35639) on April 9–10, 2026. The flaw allows any caller, including unauthenticated callers on instances that do not have authentication enabled, to escalate to full operator access by sending a crafted device.pair.approve request. A companion code execution vulnerability (CVE-2026-35641, CVSS 8.4) was patched in the same batch. Research indicates that 63% of the roughly 135,000 publicly internet-exposed OpenClaw instances run without authentication, making them remotely exploitable with zero credentials.
Attack vector
Crafted HTTP requests to the device.pair.approve API endpoint let a caller approve a device pairing with operator-level scope, escalating the caller's own privileges. Any caller who can reach the endpoint can trigger the escalation, whether or not they are authenticated; on instances without authentication enabled, no credentials of any kind are required. Chained with CVE-2026-35641 (arbitrary code execution), an unauthenticated remote attacker can obtain full RCE on an exposed instance.
Affected systems
OpenClaw AI agent platform, all releases prior to the April 9–10, 2026 patches. Internet-exposed instances without authentication enabled are the most critical: over 135,000 publicly accessible instances have been identified, of which roughly 63% run without authentication.
Mitigation
Update OpenClaw to the April 9–10, 2026 patch release immediately; the patch is the only fix for the flaw itself. Enable authentication on all instances: this removes the zero-credential attack path but does not close the vulnerability, since any authenticated caller can still trigger the escalation on an unpatched version. Scan your network ranges to identify any internet-exposed OpenClaw instances. Review access logs for anomalous device.pair.approve requests, in particular approvals made by unauthenticated sessions, approvals from unexpected source addresses, and approvals that grant operator scope to a caller that did not already hold it. Place OpenClaw behind a VPN or an authenticating reverse proxy regardless of the application-level authentication setting, so that the endpoint is never directly reachable from the internet.
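The log review step described above, as an added example that is not part of the original advisory and not OpenClaw's own tooling: the script below runs the three checks a reviewer would want over access log entries. It assumes a JSON-lines log with the fields ts, src, method, auth, caller_scope, requested_scope and status, a scope ranking in which operator outranks viewer, and management networks of 10.0.0.0/8 and 192.168.0.0/16. All of these are assumptions, as is the constructed sample log embedded in the script, since the page documents none of them; adapt the parser to the real log layout before use.

```python
import ipaddress
import json
from dataclasses import dataclass, field

# Constructed sample access log in an ASSUMED JSON-lines layout. The field
# names (ts, src, method, auth, caller_scope, requested_scope, status) are a
# guess for illustration; adapt the parser to the real OpenClaw log format.
SAMPLE_LOG = """\
{"ts":"2026-04-11T02:14:07Z","src":"10.0.3.21","method":"device.pair.approve","auth":"session","caller_scope":"operator","requested_scope":"operator","status":200}
{"ts":"2026-04-11T02:15:31Z","src":"203.0.113.45","method":"device.pair.approve","auth":"none","caller_scope":null,"requested_scope":"operator","status":200}
{"ts":"2026-04-11T02:15:32Z","src":"203.0.113.45","method":"agent.run","auth":"session","caller_scope":"operator","requested_scope":null,"status":200}
{"ts":"2026-04-11T02:16:10Z","src":"10.0.3.22","method":"device.pair.approve","auth":"session","caller_scope":"viewer","requested_scope":"operator","status":200}
{"ts":"2026-04-11T02:17:00Z","src":"10.0.3.21","method":"device.pair.approve","auth":"session","caller_scope":"operator","requested_scope":"viewer","status":200}
{"ts":"2026-04-11T02:18:45Z","src":"198.51.100.9","method":"device.pair.approve","auth":"none","caller_scope":null,"requested_scope":"operator","status":403}
this line is not JSON and must be skipped
"""

# Assumed privilege ordering of OpenClaw scopes, least to most privileged.
SCOPE_RANK = {"viewer": 1, "operator": 2}

# Assumed networks from which legitimate pairing approvals originate.
MANAGEMENT_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]


@dataclass
class Finding:
    ts: str
    src: str
    reasons: list = field(default_factory=list)


def from_management_net(addr: str) -> bool:
    """True if addr parses as an IP and lies inside a management network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in MANAGEMENT_NETS)


def review_pair_approvals(log_text: str) -> list:
    """Return one Finding per successful device.pair.approve event that looks
    like an escalation. Three signals are checked independently:
      1. the caller was unauthenticated (the zero-credential case),
      2. the approved scope outranks the scope the caller already held,
      3. the request came from outside the management networks.
    Failed (non-200) approvals are not flagged here, although a burst of
    them from a single source is itself worth a look."""
    findings = []
    for raw in log_text.splitlines():
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # non-JSON lines (banners, tracebacks) are ignored
        if ev.get("method") != "device.pair.approve" or ev.get("status") != 200:
            continue
        granted = ev.get("requested_scope")
        caller = ev.get("caller_scope")
        reasons = []
        if ev.get("auth") == "none" or caller is None:
            reasons.append(f"unauthenticated caller approved pairing with scope {granted}")
        elif SCOPE_RANK.get(granted, 0) > SCOPE_RANK.get(caller, 0):
            reasons.append(f"caller scope {caller} approved pairing with higher scope {granted}")
        if not from_management_net(ev.get("src", "")):
            reasons.append(f"approval from outside management networks: {ev.get('src')}")
        if reasons:
            findings.append(Finding(ev["ts"], ev["src"], reasons))
    return findings


if __name__ == "__main__":
    for f in review_pair_approvals(SAMPLE_LOG):
        print(f.ts, f.src)
        for r in f.reasons:
            print("   ", r)
```

On the constructed sample the script reports two events: the unauthenticated approval from 203.0.113.45 (flagged twice, for the missing session and the external source) and the viewer-scoped session on 10.0.3.22 that approved an operator pairing. The operator-to-operator and operator-to-viewer approvals from the management network are left alone, as is the rejected attempt from 198.51.100.9.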