How CVE-2026-32905 Works
OpenClaw before version 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin. The plugin exposes the `/pair` command on normal chat command surfaces (e.g., Telegram, Discord, Slack). In affected releases, authorized non‑owner chat senders can issue device‑pairing bootstrap codes without having owner, admin, or pairing scope.
The root cause is missing authorization (CWE‑862): the plugin does not verify that the caller holds the required scope before generating a bootstrap code. Because `/pair` is reachable through normal chat commands, any sender already permitted to issue commands to the agent on a configured chat channel can trigger code generation.
The attack is remote and requires only low privileges (a valid chat sender account). No user interaction is needed, and the attacker does not need to be the device owner. Once a bootstrap code is created, the attacker can use it before expiry to enroll a new device with operator or node capabilities. That enrolled device then retains persistent credentials until manually removed from the system.
Affected configurations include all OpenClaw deployments where the bundled device‑pair plugin is enabled and a non‑owner sender is authorized to use normal chat commands — for example, in environments with Telegram, Discord, or Slack agents. All OpenClaw releases prior to 2026.5.4 are vulnerable. The vulnerability has a CVSS v3 base score of 8.3 (High) and a CVSS v4 score of 8.7 (High).
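The check that is missing in affected releases is easiest to see side by side with its fixed form. The following TypeScript is an added example written for this page, not OpenClaw's own code: the `Sender`, `Scope`, `BootstrapCode` types, the scope names, the five-minute code lifetime and the injected `CodeGenerator` are all assumptions made so the model runs stand-alone. `issueCodeVulnerable` reproduces the advisory's described behaviour (any authorized chat sender receives a code); `issueCodeHardened` performs the scope check before any code material is produced and records both outcomes in an audit trail, and `redeemCode` shows the single-use, pre-expiry acceptance that limits a leaked code's window.

```typescript
// Added example: a hypothetical model of the device-pair plugin's /pair
// command path, written to illustrate the missing check described in the
// advisory. Names, types and the scope vocabulary are assumptions, not
// OpenClaw's own code or API.

type Scope = "owner" | "admin" | "pairing" | "chat";

interface Sender {
  id: string;
  scopes: ReadonlyArray<Scope>;
}

interface BootstrapCode {
  code: string;
  issuedTo: string;
  expiresAt: number; // epoch milliseconds
  redeemed: boolean;
}

type PairResult =
  | { ok: true; code: BootstrapCode }
  | { ok: false; reason: string };

// Scopes that the fixed behaviour requires before a pairing code is issued.
const PAIRING_SCOPES: ReadonlyArray<Scope> = ["owner", "admin", "pairing"];

// Assumed code lifetime; the advisory only says a code is usable "before expiry".
const CODE_TTL_MS = 5 * 60 * 1000;

// Code material is injected so the example runs without Node-only imports;
// production code must draw it from a CSPRNG such as crypto.randomBytes.
type CodeGenerator = () => string;

function canIssuePairingCode(sender: Sender): boolean {
  return sender.scopes.some((s) => PAIRING_SCOPES.indexOf(s) !== -1);
}

// Affected releases: every sender already allowed to use chat commands
// receives a bootstrap code, so an ordinary group member can start pairing.
function issueCodeVulnerable(sender: Sender, gen: CodeGenerator, now: number): PairResult {
  const code: BootstrapCode = { code: gen(), issuedTo: sender.id, expiresAt: now + CODE_TTL_MS, redeemed: false };
  return { ok: true, code };
}

// Hardened: the scope check runs before any code material is generated,
// and both outcomes are written to an audit trail for later review.
function issueCodeHardened(sender: Sender, gen: CodeGenerator, now: number, audit: string[]): PairResult {
  if (!canIssuePairingCode(sender)) {
    audit.push(`DENY /pair generate sender=${sender.id} scopes=${sender.scopes.join(",")}`);
    return { ok: false, reason: "pairing requires owner, admin or pairing scope" };
  }
  const code: BootstrapCode = { code: gen(), issuedTo: sender.id, expiresAt: now + CODE_TTL_MS, redeemed: false };
  audit.push(`ISSUE /pair generate sender=${sender.id} expiresAt=${code.expiresAt}`);
  return { ok: true, code };
}

// Enrolment side: a code is accepted once and only before it expires,
// so an issued code does not remain usable indefinitely.
function redeemCode(issued: BootstrapCode[], code: string, now: number): boolean {
  let entry: BootstrapCode | undefined;
  for (const c of issued) {
    if (c.code === code) { entry = c; break; }
  }
  if (!entry || entry.redeemed || now >= entry.expiresAt) return false;
  entry.redeemed = true;
  return true;
}

// Walk both behaviours with a constructed chat-only member and an owner.
function demo(): { vulnerableIssued: boolean; hardenedDenied: boolean; ownerIssued: boolean; audit: string[] } {
  let n = 0;
  const gen: CodeGenerator = () => "test-code-" + (++n); // deterministic stand-in for the example only
  const member: Sender = { id: "group-member", scopes: ["chat"] };
  const owner: Sender = { id: "owner-1", scopes: ["owner", "chat"] };
  const now = 1000000;
  const audit: string[] = [];
  const v = issueCodeVulnerable(member, gen, now);
  const h = issueCodeHardened(member, gen, now, audit);
  const o = issueCodeHardened(owner, gen, now, audit);
  return { vulnerableIssued: v.ok, hardenedDenied: !h.ok, ownerIssued: o.ok, audit };
}
```

Calling `demo()` shows the contrast directly: the chat-only member obtains a code from the vulnerable path and is refused by the hardened one, while the owner is served by both, and the audit array carries one DENY and one ISSUE line. The ordering inside `issueCodeHardened` matters: authorization is decided before `gen()` is called, so a denied request never produces code material that could leak through logs or error messages.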
DailyCVE Form
Platform: OpenClaw
Version: < 2026.5.4
Vulnerability: Authorization Bypass (CWE-862)
Severity: High (CVSS 8.3)
Date: 2026-03-16
Prediction: 2026-05-04
What Undercode Say
Check OpenClaw Version
openclaw --version
npm list openclaw
Upgrade to Patched Version
npm install openclaw@2026.5.4
yarn add openclaw@2026.5.4
Verify Plugin Status (check whether the device-pair plugin is enabled)
openclaw plugins list | grep device-pair
List Paired Devices
openclaw device list
Or inspect the device-pairing store directly:
cat ~/.openclaw/device-pairing.json
Remove Unexpected Devices
openclaw device remove <device-id>
Disable Device-Pair Plugin (Temporary Workaround)
openclaw plugins disable device-pair
Exploit
An attacker with chat command access (e.g., a member of a Telegram group where the OpenClaw agent is present) can send the `/pair` command to generate a bootstrap code:
/pair generate
The system responds with a setup code (e.g., abcd-1234-efgh-5678) without verifying that the sender has owner, admin, or pairing scope. The attacker then uses this code to enroll a new device:
/pair enroll <code>
The enrolled device gains operator/node capabilities and retains persistent credentials until manually removed. No further authentication is required.
Protection
- Upgrade to OpenClaw version 2026.5.4 or later immediately.
- Review all paired devices and remove any unexpected entries.
- Restrict chat command permissions to only users who should be allowed to manage device pairing.
- Disable the device‑pair plugin entirely if not required.
- Monitor chat logs for unauthorized `/pair` command usage.
- Rotate credentials for any devices that may have been enrolled during the vulnerable period.
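The monitoring item above can be turned into a concrete check. The TypeScript below is an added example for this page, not OpenClaw tooling: the log line format (`<ISO time> <channel> sender=<id> cmd=<text>`), the sender ids and the scope assignments are constructed, since the advisory does not describe OpenClaw's real log format or permission model. The detector parses each line, keeps only `/pair` commands, and flags those issued by a sender who lacks an owner, admin or pairing scope or who is not in the configured sender list at all; the sample log includes a chat-only member running the generate and enroll sequence, a legitimate owner, and an unknown sender.

```typescript
// Added example: a small detector for unauthorized /pair usage in chat
// command logs. The log line format, sender ids and scope assignments
// below are constructed for the example; OpenClaw's real log format and
// permission model are not described in the advisory.

type Scope = "owner" | "admin" | "pairing" | "chat";

interface LogEntry {
  time: string;
  channel: string;
  sender: string;
  cmd: string;
}

interface Finding extends LogEntry {
  reason: string;
}

const PAIRING_SCOPES: ReadonlyArray<Scope> = ["owner", "admin", "pairing"];

// Constructed format: "<ISO time> <channel> sender=<id> cmd=<command text>"
const LINE_RE = /^(\S+) (\S+) sender=(\S+) cmd=(.+)$/;

function parseLine(line: string): LogEntry | null {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  return { time: m[1], channel: m[2], sender: m[3], cmd: m[4] };
}

function hasPairingScope(scopes: ReadonlyArray<Scope> | undefined): boolean {
  if (!scopes) return false;
  return scopes.some((s) => PAIRING_SCOPES.indexOf(s) !== -1);
}

// Flags every /pair command (generate or enroll) from a sender who does not
// hold a pairing-capable scope, and any /pair command from an unknown sender.
function detectUnauthorizedPair(
  lines: string[],
  scopesBySender: Record<string, ReadonlyArray<Scope>>,
): Finding[] {
  const findings: Finding[] = [];
  for (const line of lines) {
    const e = parseLine(line);
    if (!e) continue; // skip lines that do not match the expected format
    if (e.cmd.split(/\s+/)[0] !== "/pair") continue;
    const scopes = scopesBySender[e.sender];
    if (scopes === undefined) {
      findings.push({ ...e, reason: "unknown sender issued /pair" });
    } else if (!hasPairingScope(scopes)) {
      findings.push({ ...e, reason: "sender lacks owner/admin/pairing scope" });
    }
  }
  return findings;
}

// Constructed sample: one chat-only member runs the full generate+enroll
// sequence, an owner legitimately pairs a device, others run unrelated commands.
const SAMPLE_LOG: string[] = [
  "2026-03-16T09:58:10Z telegram sender=alice cmd=/status",
  "2026-03-16T10:01:02Z telegram sender=mallory cmd=/pair generate",
  "2026-03-16T10:01:40Z telegram sender=mallory cmd=/pair enroll abcd-1234-efgh-5678",
  "2026-03-16T10:05:13Z discord sender=owner1 cmd=/pair generate",
  "2026-03-16T10:06:00Z slack sender=bob cmd=/help",
  "2026-03-16T10:07:45Z slack sender=unknown42 cmd=/pair generate",
];

// Constructed permission table: which scopes each configured sender holds.
const SAMPLE_SCOPES: Record<string, ReadonlyArray<Scope>> = {
  alice: ["chat"],
  mallory: ["chat"],
  owner1: ["owner", "chat"],
  bob: ["chat"],
};

function runSample(): Finding[] {
  return detectUnauthorizedPair(SAMPLE_LOG, SAMPLE_SCOPES);
}
```

Running `runSample()` yields three findings: both of mallory's `/pair` commands and the one from the unconfigured sender, while the owner's pairing is left alone. Correlating the log against the configured scope table rather than the log alone is deliberate: an affected release never records a denial, so the log by itself cannot say whether a `/pair` call was legitimate. After upgrading, any finding from before the patch date should be followed by the device review and credential rotation steps listed above.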
Impact
A non‑owner authorized sender can create a setup code and use it before expiry to enroll a device with operator or node capabilities. That device then retains persistent credentials until manually removed. This can lead to:
- Unauthorized device enrollment: attackers can add rogue devices to the OpenClaw network.
- Privilege escalation: enrolled devices may gain operator or admin‑level access.
- Persistent access: credentials remain valid until manually revoked, enabling long‑term compromise.
- Confidentiality, integrity, and availability risks: the vulnerability affects all three.
Sources:
Reported By: github.com