OpenClaw, Credential Exposure in Setup Codes, CVE-2026-XXXX (Moderate)

Listen to this Post

The vulnerability addressed in this advisory is a critical flaw in the device pairing mechanism of OpenClaw versions up to 2026.3.11 . The core issue resides in how the system generates “setup codes” used to authenticate new devices or clients to the OpenClaw gateway . These codes are generated via the `/pair` API endpoint and the `openclaw qr` command-line interface. Prior to the patch, the setup payload did not contain a short-lived, single-use bootstrap token as expected in secure pairing flows . Instead, the code embedded the gateway’s long-lived shared credential—specifically, the configured shared gateway token or password—directly within the setup payload . This means anyone who obtained a screenshot of the QR code, accessed a log file where the code was printed, or retrieved the code from a chat history could extract a credential that is valid indefinitely .

dailycve form:

Platform: OpenClaw
Version: <=2026.3.11
Vulnerability : Credential Exposure in Setup Codes
Severity: Moderate
date: 2026-03-13

Prediction: 2026-04-13

What Undercode Say:

Analytics:

This vulnerability represents a fundamental failure in following the principal of least privilege and short-lived secrets. Instead of creating a temporary token scoped only to the initial bootstrap process, the developers mistakenly used the permanent, highly-privileged gateway credential as the pairing secret . The risk is amplified by the various ways these setup codes are transmitted and stored. A user might post a screenshot of a QR code in a public support channel, or the plaintext code could be printed to console logs during debugging. An attacker who recovers this code from any of these sources can then use it to authenticate to the gateway as if they were a trusted device, indefinitely. The fix in version 2026.3.12 correctly implements a short-lived bootstrap token, ensuring that even if a setup code is leaked, its utility expires, forcing an attacker to re-compromise the initial generation step .

Bash Commands and Codes:

You can check your current OpenClaw version and test for the presence of old, leaked credentials.

Check the installed version of OpenClaw
openclaw --version
If you have an older version, inspect the gateway configuration file
to understand the scope of the potentially exposed shared secret.
WARNING: This file contains the actual credential. Handle with care.
cat ~/.openclaw/config/gateway.json | grep -E "token|password"
Simulate the old code generation to see the embedded credential
(Only for educational purposes on an air-gapped test system)
openclaw qr --show-code 2>&1 | tee setup_code.txt
cat setup_code.txt
If the output is a long string that looks like a base64 encoded token or password,
rather than a short random string, it is vulnerable.
After upgrading to 2026.3.12, verify the new bootstrap mechanism.
openclaw qr --show-code
The output should now be a short-lived token, typically valid for < 10 minutes.
Rotate the actual gateway credential if you suspect a leak.
Regenerate a new token/password in your gateway config and restart the service.

How Exploit:

An attacker does not need to interact with the running OpenClaw service to exploit this. The exploit is purely data-in-transit or data-at-rest .
1. Obtain a Setup Code: The attacker first must acquire a valid setup code. This is done through social engineering (asking a user to run `openclaw qr` and send the output), by accessing a shared screen/screenshot containing the QR code, or by reading unprotected application logs where the code was printed during a debug session .
2. Extract Credential: The attacker examines the obtained payload. Since the payload is the long-lived credential, no extraction is needed. The code itself is the gateway token.
3. Reuse Credential: The attacker now possesses a permanent gateway credential. They can use this token to directly authenticate API requests to the OpenClaw gateway, bypassing any future pairing flows and gaining persistent, unauthorized access to the system and all its connected tools and data .

Protection from this CVE

  • Immediate Update: The primary and most effective protection is to update OpenClaw to version `2026.3.12` or later. This changes the code generation logic to use short-lived bootstrap tokens .
  • Rotate Exposed Credentials: If there is any chance a setup code was leaked (e.g., printed to a log, shared in a chat), you must immediately rotate the shared gateway credential. This involves generating a new token or password in your OpenClaw gateway configuration and restarting the service to invalidate the old one. This is a critical post-update step, as simply updating the software does not revoke already-leaked permanent credentials .
  • Secure Logging: Configure OpenClaw and any surrounding infrastructure to never print sensitive data, including setup codes or tokens, to standard output or log files.
  • User Education: Train users to treat setup codes as highly sensitive secrets and to never share screenshots of QR codes or paste the codes into public channels.

Impact

  • Persistence: An attacker who obtains a single leaked setup code gains persistent, long-term access to the OpenClaw gateway.
  • Privilege Escalation: The compromised credential grants the attacker the full privileges of an authenticated gateway device, allowing them to invoke tools, access files, and execute commands that the gateway is authorized to perform.
  • Lateral Movement: With access to the gateway, the attacker can potentially use it as a pivot point to access other connected systems and internal networks that the gateway interacts with.
  • Data Breach: The attacker can use the stolen credential to exfiltrate any data accessible through the OpenClaw agent, including documents, messages, and API keys stored by the agent.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top