Iot

vulnerabilities 2026-04-09
CVE-2026-32922: OpenClaw Privilege Escalation Lets Any Paired Device Achieve Full RCE
A missing scope validation in OpenClaw's device.token.rotate endpoint lets any device with operator.pairing scope mint admin tokens and execute arbitrary code on connected nodes.
openclaw cve privilege-escalation rce iot cloud-security

CVE-2026-32922: OpenClaw Privilege Escalation Lets Any Paired Device Achieve Full RCE