OpenClaw, Missing Authorization, CVE-2026-XXXX (Moderate)

Listen to this Post

The vulnerability resides in the node pairing approval flow. In OpenClaw, a node must be approved by an operator before it can join the cluster. The approval method `node.pair.approve` is exposed via the gateway and is responsible for granting the requested permission scopes to the pending node. Due to a missing validation of the `callerScopes` parameter, the method does not verify that the operator initiating the approval actually possesses every scope that the node is requesting. This allows a low‑privilege operator (one who holds only a subset of the required scopes) to approve a node that asks for broader, more powerful scopes. After approval, the node is granted the full set of requested scopes, effectively elevating the operator’s privileges through the node. The flaw exists because the approval logic only checks that the operator has permission to call the method itself, but not that the operator’s scopes are a superset of the scopes being assigned. The issue affects all versions up to and including 2026.3.24 and was fixed in version 2026.3.28 by introducing a proper superset check before finalizing the approval.
Platform: OpenClaw
Version: ≤ 2026.3.24
Vulnerability: Missing callerScopes validation
Severity: Moderate
date: March 31, 2026

Prediction: March 28, 2026

What Undercode Say:

Check current OpenClaw version
openclaw --version
Verify if fix is present (commit 4d7cc6bb4f)
git log -1 --oneline | grep 4d7cc6bb4f
Simulate low-privilege operator attempt (example using curl)
curl -X POST http://gateway:port/node.pair.approve \
-H "Authorization: Bearer <low_priv_token>" \
-d '{"nodeId":"malicious","requestedScopes":["admin","cluster"]}'

Exploit:

A low‑privilege operator crafts a node pairing request that asks for scopes the operator does not hold. By calling `node.pair.approve` without the superset validation, the gateway grants the node the elevated scopes. The attacker then uses the paired node to perform privileged actions, effectively bypassing the operator’s own limitations.

Protection from this CVE:

Upgrade to OpenClaw version 2026.3.28 or later. If immediate upgrade is not possible, restrict access to the `node.pair.approve` method to only highly privileged operators until the patch can be applied.

Impact:

An authenticated attacker with minimal privileges can escalate their effective permissions by pairing a malicious node, leading to unauthorized control over cluster resources and potential lateral movement.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top