CVE-2026-32922: OpenClaw's Most Severe Vulnerability (CVSS 9.9) Allows Single-API-Call Takeover

Critical privilege escalation in device.token.rotate allows single API call to convert pairing token into full admin + RCE. CVSS 9.9/9.4. 135k+ exposed instances. Patched in v2026.3.11.

Product Idea from this Signal

A background service that continuously monitors your OpenClaw instance version against the live CVE database and alerts before known exploits can land

1.4k ▲

OpenClaw accumulated 138 CVEs in under 5 months of 2026, including CVE-2026-32922 (CVSS 9.9) which allows a single API call to convert a pairing token into full admin control with remote code execution. Over 135,000 instances sit exposed on the public internet. Most operators have no automated way to know when a new CVE drops or whether their version is affected. This service runs alongside the OpenClaw gateway, checks the installed version against a maintained CVE feed, scores exposure risk based on enabled features and network configuration, and sends alerts with specific patch instructions before attackers can scan and exploit.

SECURITYBACKGROUND-SERVICEOPEN-SOURCEDEVOPSMONITORING

CompetitiveView Opportunity →