Summary
| Vulnerability Name | OpenClaw WebSocket Privilege Escalation via Shared Token |
| Released on | March 17, 2026 |
| Affected Component | OpenClaw |
| Affected Version | OpenClaw ≤ 2026.3.11 |
| Vulnerability Type | Privilege escalation |
| Exploitation Condition | 1. User authentication: required. 2. Precondition: default configurations. 3. Trigger mode: remote. |
| Impact | Exploitation difficulty: difficult. Regular user privileges are required. Severity: critical. This vulnerability can result in privilege escalation. |
| Official Solution | Available |
About the Vulnerability
Component Introduction
OpenClaw is an open-source personal AI assistant hosted on GitHub. It interacts with users through messaging platforms such as WhatsApp, Telegram, and Discord, and supports both local and cloud-hosted large language models (LLMs). It can act autonomously on the user's behalf, including browser control, device operations, email and file processing, and voice conversations. OpenClaw is designed to run as an always-on assistant on the user's own machine for daily automation, productivity, and developer tasks.
Vulnerability Description
On March 17, 2026, Sangfor FarSight Labs received notification of the privilege escalation vulnerability in OpenClaw, classified as critical in threat level.
Specifically, when a client opens a WebSocket connection to OpenClaw and authenticates with the shared token or password, the handshake also carries the privilege scopes the client declares for itself. Affected versions do not validate or restrict those client-declared scopes against what the presented token is actually entitled to; the server simply trusts and accepts them. A client that holds only a regular shared token or password can therefore declare an administrator scope in its handshake and be granted administrator privileges, resulting in privilege escalation. Note that the attacker must already possess a valid token or password; the flaw is in authorization (scope assignment), not in authentication.
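The following TypeScript example is added here to illustrate the bug class described above; it is not OpenClaw's code, and the handshake frame shape, scope names, and token table are hypothetical. It places a vulnerable handler, which copies the client-declared scopes into the session, beside a fixed handler that derives scopes from the token's own grant and rejects any handshake asking for more.

```typescript
// Added example, not OpenClaw's code. The frame shape, scope names and token
// table below are hypothetical and exist only to show the bug and its fix.

type Scope = "operator.read" | "operator.write" | "operator.admin";

// Hypothetical handshake frame sent by a WebSocket client after connecting.
interface ConnectFrame {
  type: "connect";
  auth: { token: string };
  scopes: string[]; // scopes the CLIENT claims for itself
}

interface Session {
  principal: string;
  scopes: Set<Scope>;
}

// Hypothetical server-side token table: each shared token carries the scopes
// that were granted to it when it was issued.
const TOKEN_GRANTS: Record<string, { principal: string; scopes: Scope[] }> = {
  "tok-regular-user": { principal: "user", scopes: ["operator.read", "operator.write"] },
  "tok-admin": { principal: "admin", scopes: ["operator.read", "operator.write", "operator.admin"] },
};

// Constant-time string comparison so a token lookup does not leak how many
// leading characters of a guess matched.
function constantTimeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function lookupToken(token: string) {
  for (const [known, grant] of Object.entries(TOKEN_GRANTS)) {
    if (constantTimeEqual(known, token)) return grant;
  }
  return undefined;
}

// VULNERABLE: the token only proves "holds a valid shared secret". The scopes
// are copied straight from the client frame, so any token holder can claim
// operator.admin and the session is created with it.
function connectVulnerable(frame: ConnectFrame): Session | null {
  const grant = lookupToken(frame.auth.token);
  if (!grant) return null;
  return { principal: grant.principal, scopes: new Set(frame.scopes as Scope[]) };
}

// FIXED: the effective scopes come from the token's grant. Requested scopes may
// only narrow that grant; asking for anything outside it fails the handshake.
function connectFixed(frame: ConnectFrame): Session | null {
  const grant = lookupToken(frame.auth.token);
  if (!grant) return null;
  const granted = new Set<Scope>(grant.scopes);
  const requested = frame.scopes.length > 0 ? frame.scopes : grant.scopes;
  for (const s of requested) {
    if (!granted.has(s as Scope)) return null; // scope escalation attempt
  }
  return { principal: grant.principal, scopes: new Set(requested as Scope[]) };
}

function isAdmin(session: Session | null): boolean {
  return session !== null && session.scopes.has("operator.admin");
}

// Constructed attack frame: a regular user's token plus a claimed admin scope.
const escalationFrame: ConnectFrame = {
  type: "connect",
  auth: { token: "tok-regular-user" },
  scopes: ["operator.read", "operator.admin"],
};

console.log("vulnerable handler grants admin:", isAdmin(connectVulnerable(escalationFrame)));
console.log("fixed handler grants admin:", isAdmin(connectFixed(escalationFrame)));
```

The design point is that a bearer credential proves possession, nothing more: the authority attached to it must be looked up on the server side, and a client-supplied scope list can at most select a subset of that authority. Rejecting the handshake outright (rather than silently trimming the scopes) also gives the operator a clean log signal for escalation attempts.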
Affected Versions
The following OpenClaw versions are affected:
OpenClaw ≤ 2026.3.11
Remediation Solutions
Official Solutions
The fix has been released upstream. Affected users are advised to update OpenClaw to the latest release; since every version up to and including 2026.3.11 is affected, the installed version must be later than 2026.3.11.
Download link: https://github.com/openclaw/openclaw
Temporary Solutions
- Disable unused functional modules to reduce the attack surface.
- Follow the principle of least privilege and strictly limit the permissions granted for sensitive operations. Because exploitation requires a valid shared token or password, rotate any token that may have been distributed to users who should not hold administrator rights.
- Do not expose the service to the Internet unless necessary; restrict the WebSocket endpoint to trusted source address ranges.
- Regularly update the system and its components to fixed versions so that known vulnerabilities are patched at the earliest opportunity.
Timeline
On March 17, 2026, Sangfor FarSight Labs received notification of the OpenClaw WebSocket privilege escalation vulnerability.
On March 17, 2026, Sangfor FarSight Labs released a vulnerability alert.
Reference
https://github.com/openclaw/openclaw/security/advisories/GHSA-rqpp-rjj8-7wv8
Learn More
Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.