
Four Critical CVEs Hit OpenClaw: What You Need to Know (March 2026)
On March 13, four security advisories dropped for OpenClaw. The worst one scores a CVSS 9.9. If you self-host, you need to act on this today.

WebSocket Privilege Escalation (CVSS 9.9)

This is the big one. Any authenticated client can self-declare the operator.admin scope during the WebSocket handshake. The server never checked whether the device identity actually had that scope, so a low-privilege user could grant themselves full admin access. No exploitation has been confirmed in the wild, but the attack is trivial. Fixed in 2026.3.12.

Feishu Webhook Forgery (CVSS 8.6)

If you use Feishu or Lark, setups relying only on verificationToken without configuring encryptKey accepted forged webhook payloads. An attacker could impersonate any Feishu sender and trigger arbitrary agent actions. Fixed in 2026.3.12.

Credential Exposure in Setup Codes (CVSS 5.3)

The /pair endpoint embedded the gateway's long-lived auth token directly in pairing payloads. Anyone who recovered a QR code from logs or screenshots could
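The handshake scope check behind the CVSS 9.9 issue, as an added example that is not OpenClaw's own code: the pre-fix logic takes the scopes the client declares at face value, while the fixed logic derives them from the server-side device record and rejects any requested scope the device was never granted. The device registry, message shape and field names are assumptions for illustration.

```python
import json

# Constructed registry: device id -> scopes granted when the device was paired.
# Assumed shape; the real OpenClaw registry and handshake format are not on the page.
DEVICE_SCOPES = {
    "dev-operator-1": {"operator.read"},
    "dev-admin-1": {"operator.read", "operator.admin"},
}


class HandshakeError(Exception):
    pass


def make_handshake(device: str, scopes: list[str]) -> str:
    """Build a constructed handshake message (assumed JSON layout)."""
    return json.dumps({"device": device, "scopes": scopes})


def vulnerable_session_scopes(handshake: str) -> set[str]:
    """Pre-fix behaviour: authenticates the device, then trusts whatever
    scopes the client self-declares."""
    msg = json.loads(handshake)
    if msg.get("device") not in DEVICE_SCOPES:
        raise HandshakeError("unknown device")
    return set(msg.get("scopes", []))


def fixed_session_scopes(handshake: str) -> set[str]:
    """Fixed behaviour: the granted scopes live in the device record; a
    request exceeding them fails the handshake instead of being honoured."""
    msg = json.loads(handshake)
    device = msg.get("device")
    if device not in DEVICE_SCOPES:
        raise HandshakeError("unknown device")
    granted = DEVICE_SCOPES[device]
    requested = set(msg.get("scopes", []))
    excess = requested - granted
    if excess:
        raise HandshakeError(f"{device} was never granted {sorted(excess)}")
    # A client that requests nothing gets exactly what it was granted.
    return requested or set(granted)


def is_escalation_attempt(handshake: str) -> bool:
    """Detection helper: True when a known device asks for scopes beyond its grant."""
    msg = json.loads(handshake)
    granted = DEVICE_SCOPES.get(msg.get("device"), set())
    return bool(set(msg.get("scopes", [])) - granted)


# Constructed handshake: a read-only device declaring operator.admin.
ESCALATION_ATTEMPT = make_handshake("dev-operator-1", ["operator.read", "operator.admin"])
```

The same comparison (requested minus granted) that the fixed path rejects on is what a gateway log or IDS rule would flag to spot attempts on unpatched instances.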
Continue reading on Dev.to