DEV Community

Daniel Samer

Originally published at clawhosters.com

Four Critical CVEs Hit OpenClaw: What You Need to Know (March 2026)

On March 13, four security advisories dropped for OpenClaw. The worst one scores a CVSS 9.9. If you self-host, you need to act on this today.

WebSocket Privilege Escalation (CVSS 9.9)

This is the big one. Any authenticated client can self-declare operator.admin scope during the WebSocket handshake. The server never checked whether the device identity actually had that scope. A low-privilege user could grant themselves full admin access. No exploitation confirmed in the wild, but the attack is trivial. Fixed in 2026.3.12.
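To make the flaw class concrete, here is an added illustration (mine, not OpenClaw's code) of a WebSocket handshake that authenticates a device and then trusts whatever scopes the client declares, beside one that caps the session at the scopes the device was actually granted. The device registry, the `operator.read` scope and the audit log are constructed for the example; only `operator.admin` comes from the advisory.

```python
"""Server-side scope check for a WebSocket handshake (added illustration, not OpenClaw code)."""
from dataclasses import dataclass


@dataclass
class Session:
    device_id: str
    scopes: frozenset


# Constructed device registry: the scopes an operator granted each device at enrollment.
# The real product's identity store is an assumption; only its role matters here.
DEVICE_SCOPES = {
    "device-laptop": frozenset({"operator.read"}),
    "device-admin": frozenset({"operator.read", "operator.admin"}),
}

# Constructed audit trail so over-claim attempts are recorded, not just denied.
AUDIT_LOG = []


def vulnerable_handshake(device_id: str, declared_scopes: list) -> Session:
    """Authenticates the device, then trusts the scopes the client declared.
    Authentication without authorization: the flaw class in the advisory."""
    if device_id not in DEVICE_SCOPES:
        raise PermissionError("unknown device")
    return Session(device_id, frozenset(declared_scopes))


def hardened_handshake(device_id: str, declared_scopes: list) -> Session:
    """Authenticates the device and refuses any scope the registry did not grant it."""
    granted = DEVICE_SCOPES.get(device_id)
    if granted is None:
        raise PermissionError("unknown device")
    requested = frozenset(declared_scopes)
    excess = requested - granted
    if excess:
        # A client asking for scopes it was never granted is worth an alert.
        AUDIT_LOG.append({"event": "scope_overclaim", "device": device_id,
                          "requested": sorted(excess)})
        raise PermissionError(f"scopes not granted to {device_id}: {sorted(excess)}")
    return Session(device_id, requested)


def require_scope(session: Session, scope: str) -> None:
    """Per-request guard: every privileged operation re-checks the session's scopes."""
    if scope not in session.scopes:
        raise PermissionError(f"{scope} required")


if __name__ == "__main__":
    s = vulnerable_handshake("device-laptop", ["operator.read", "operator.admin"])
    print("vulnerable handshake granted:", sorted(s.scopes))
    try:
        hardened_handshake("device-laptop", ["operator.read", "operator.admin"])
    except PermissionError as e:
        print("hardened handshake refused:", e)
```

The point of `require_scope` is that the handshake is not the only gate: even with the handshake fixed, each admin operation should check the session's scopes again, and the `scope_overclaim` audit event is the signal a detection rule would key on.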

Feishu Webhook Forgery (CVSS 8.6)

If you use Feishu or Lark, setups relying only on verificationToken without configuring encryptKey accepted forged webhook payloads. An attacker could impersonate any Feishu sender and trigger arbitrary agent actions. Fixed in 2026.3.12.
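The difference between the two settings is easiest to see side by side. The following is an added example (not OpenClaw's or Feishu's code) of a token-only check, which compares a static value inside the JSON body, beside an encryptKey-based check that verifies a signature over the timestamp, nonce, key and raw body. The signature formula is my understanding of Feishu's published event-subscription scheme (SHA-256 hex over those four values concatenated); treat it as an assumption and confirm against the current docs. The secrets and payloads are constructed.

```python
"""Feishu/Lark webhook verification: token-only check vs encryptKey-based signature.
Added illustration; not OpenClaw's or Feishu's code."""
import hashlib
import hmac
import json
import time

# Constructed secrets for the demo.
VERIFICATION_TOKEN = "demo-verification-token"
ENCRYPT_KEY = "demo-encrypt-key"


def token_only_verify(body: bytes) -> bool:
    """Weak: the token is a static value inside the body. Anyone who has seen one
    legitimate payload (logs, a proxy, a screenshot) can reuse it in a forged one."""
    try:
        payload = json.loads(body)
    except ValueError:
        return False
    supplied = str(payload.get("token", "")).encode("utf-8")
    return hmac.compare_digest(supplied, VERIFICATION_TOKEN.encode("utf-8"))


def lark_signature(timestamp: str, nonce: str, body: bytes, key: str = ENCRYPT_KEY) -> str:
    """Signature over timestamp + nonce + encrypt key + raw body.
    Assumption: this is Feishu's documented scheme (SHA-256, hex encoded)."""
    return hashlib.sha256((timestamp + nonce + key).encode("utf-8") + body).hexdigest()


def signed_verify(headers: dict, body: bytes, now=None, max_skew: int = 300,
                  seen_nonces=None) -> bool:
    """Strong: the sender must know encryptKey, the signature binds the exact body,
    and stale or replayed requests are rejected."""
    ts = headers.get("X-Lark-Request-Timestamp", "")
    nonce = headers.get("X-Lark-Request-Nonce", "")
    sig = headers.get("X-Lark-Signature", "")
    if not (ts and nonce and sig):
        return False
    try:
        ts_val = int(ts)
    except ValueError:
        return False
    current = time.time() if now is None else now
    if abs(current - ts_val) > max_skew:
        return False
    if not hmac.compare_digest(lark_signature(ts, nonce, body), sig):
        return False
    if seen_nonces is not None:
        # Only record the nonce after the signature checks out, so junk cannot fill the set.
        if nonce in seen_nonces:
            return False
        seen_nonces.add(nonce)
    return True


def make_signed_request(body: bytes, timestamp: int, nonce: str, key: str = ENCRYPT_KEY) -> dict:
    """Headers a legitimate sender that knows the key would attach (used for the demo)."""
    ts = str(timestamp)
    return {"X-Lark-Request-Timestamp": ts, "X-Lark-Request-Nonce": nonce,
            "X-Lark-Signature": lark_signature(ts, nonce, body, key)}
```

`token_only_verify` cannot distinguish a legitimate payload from one with a different event body and the same token, which is exactly the forgery the advisory describes. `signed_verify` also rejects a body that was altered after signing, a request outside the skew window, and a reused nonce when a `seen_nonces` store is supplied (in production that store needs to be shared and bounded, for example keyed on the timestamp window).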

Credential Exposure in Setup Codes (CVSS 5.3)

The /pair endpoint embedded the gateway's long-lived auth token directly in pairing payloads. Anyone who recovered a QR code from logs or screenshots could authenticate indefinitely. Fixed in 2026.3.12, but you need to rotate your gateway credentials after the upgrade.
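The fix pattern here is to put a short-lived, single-use code in the pairing payload and exchange it server-side for a per-device token, so the long-lived gateway token never leaves the server. The following is an added example of that design (my code, not OpenClaw's /pair implementation); the TTL, the hashing of stored secrets and the per-device revocation are design choices I am assuming, not details from the advisory.

```python
"""Short-lived, single-use pairing codes that never carry the gateway's long-lived token.
Added illustration, not OpenClaw's /pair implementation."""
import hashlib
import secrets
import time


class PairingService:
    def __init__(self, ttl_seconds: int = 120, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock            # injectable so tests can advance time
        self._pending = {}             # sha256(code)  -> (expires_at, device_label)
        self._device_tokens = {}       # sha256(token) -> device_label

    @staticmethod
    def _digest(secret: str) -> str:
        # Store digests only, so a leaked store cannot be replayed as credentials.
        return hashlib.sha256(secret.encode("utf-8")).hexdigest()

    def issue_code(self, device_label: str) -> str:
        """The only secret placed in the QR/pairing payload. Dead after TTL or first use,
        so a code recovered from a log or screenshot later is worthless."""
        code = secrets.token_urlsafe(16)
        self._pending[self._digest(code)] = (self._clock() + self._ttl, device_label)
        return code

    def redeem(self, code: str):
        """Exchanges a valid code for a fresh per-device token; None on any failure."""
        entry = self._pending.pop(self._digest(code), None)   # pop enforces single use
        if entry is None:
            return None
        expires_at, label = entry
        if self._clock() > expires_at:
            return None
        token = secrets.token_urlsafe(32)
        self._device_tokens[self._digest(token)] = label
        return token

    def authenticate(self, token: str):
        """Returns the device label for a live token, or None."""
        return self._device_tokens.get(self._digest(token))

    def revoke_device(self, device_label: str) -> int:
        """Rotation per device: drops that device's tokens without touching the others."""
        before = len(self._device_tokens)
        self._device_tokens = {d: l for d, l in self._device_tokens.items()
                               if l != device_label}
        return before - len(self._device_tokens)

    def purge_expired(self) -> int:
        """Housekeeping for codes that were never redeemed."""
        now = self._clock()
        stale = [d for d, (exp, _) in self._pending.items() if now > exp]
        for d in stale:
            del self._pending[d]
        return len(stale)
```

Because each redeemed code yields its own token, rotating credentials after an incident becomes a per-device operation rather than a fleet-wide gateway token change, which is what the advisory's "rotate your gateway credentials" advice implies you have to do today.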

Exec Approval Bypass (CVSS 5.3)

A case-folding mismatch combined with the ? wildcard crossing directory boundaries meant agents could execute commands without user approval. Fixed in 2026.3.11.
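Both bug classes show up in any allowlist built on a shell-style glob. As an added example (my code, not OpenClaw's exec-approval logic), here is a naive matcher that lowercases both sides and uses `fnmatch`, whose `?` and `*` happily match `/`, beside a hardened matcher that normalises the path, stays case-sensitive, and matches one path segment at a time. The allowlist patterns and candidate paths are constructed, and the case-folding case assumes a case-sensitive filesystem, which is one plausible reading of the advisory's "mismatch".

```python
"""Exec-approval allowlist matching: a naive matcher showing the two failure modes the
advisory names (case folding, wildcards crossing '/') beside a hardened one.
Added illustration, not OpenClaw's code."""
import fnmatch
import posixpath


def naive_allowed(command_path: str, pattern: str) -> bool:
    """Lowercases both sides and hands them to fnmatch, whose '?' and '*' also match '/'."""
    return fnmatch.fnmatch(command_path.lower(), pattern.lower())


def hardened_allowed(command_path: str, pattern: str) -> bool:
    """Normalises the path first, keeps case-sensitive matching, and matches per segment
    so a wildcard can never span a directory boundary."""
    if not posixpath.isabs(command_path) or not posixpath.isabs(pattern):
        return False
    resolved = posixpath.normpath(command_path)   # collapses '..', '.' and '//' before matching
    path_parts = resolved.split("/")
    pattern_parts = pattern.split("/")
    if any(seg in ("..", ".") for seg in pattern_parts):
        return False  # refuse allowlist entries that contain traversal themselves
    if len(path_parts) != len(pattern_parts):
        return False
    return all(fnmatch.fnmatchcase(seg, pat) for seg, pat in zip(path_parts, pattern_parts))


# Constructed cases: (candidate path, allowlist pattern, should it be approved?)
CASES = [
    ("/opt/tools/build", "/opt/tools/?????", True),
    ("/opt/tools/../sh", "/opt/tools/?????", False),   # '?????' matches '../sh': '?' crossed '/'
    ("/usr/bin/ls", "/usr/bin/*", True),
    ("/usr/bin/../../bin/sh", "/usr/bin/*", False),    # '*' swallows the traversal
    ("/USR/BIN/ls", "/usr/bin/ls", False),             # case folding approves a different path
]


def evaluate(matcher) -> list:
    """Returns the cases the matcher gets wrong; an empty list means it passed all of them."""
    return [c for c in CASES if matcher(c[0], c[1]) != c[2]]


if __name__ == "__main__":
    print("naive matcher wrong on:", evaluate(naive_allowed))
    print("hardened matcher wrong on:", evaluate(hardened_allowed))
```

Segment-wise matching is what keeps `?` and `*` inside one directory level, and normalising before matching is what stops a pattern from approving a path that resolves somewhere else. A real approval gate should go one step further and match against `os.path.realpath` of the executable actually being invoked, so symlinks cannot reintroduce the same gap.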

What You Should Do

  • Update to 2026.3.12
  • Rotate gateway credentials
  • Configure encryptKey for Feishu integrations
  • Review your security hardening setup

Full writeup with links to every advisory: clawhosters.com/blog/posts/openclaw-critical-cves-march-2026
