OpenClaw (npm), Privilege Escalation, CVE-2026-33579 (Critical)

Listen to this Post

How the mentioned CVE works:

The vulnerability exists in OpenClaw versions prior to 2026.3.28 within the device pairing module. Specifically, the `/pair approve` command path fails to properly forward the caller’s current privilege scopes into the core approval validation. A caller holding only low-level `operator.pairing` privileges can approve a pending device pairing request that asks for broader administrative scopes, including full `operator.admin` rights. This occurs because the system does not enforce a least-privilege check—it validates the target device’s approved scopes but does not constrain the newly granted scopes to those the caller already possesses. As a result, an attacker with only pairing capabilities can silently elevate their access to administrator level, bypassing all intended authorization gates. Once administrative access is obtained, the attacker can execute arbitrary system commands, read sensitive configuration data, and control the entire OpenClaw instance. The flaw was addressed in commit `aa66ae1fc797d3298cc409ed2c5da69a89950a45` by implementing caller-scope subsetting in the approval logic. The fix was released in version 2026.3.28 on 2026-03-27. This vulnerability is critical due to the complete compromise of gateway security and potential for remote code execution.

DailyCVE Form

Platform: OpenClaw npm
Version: <=2026.3.24
Vulnerability: Privilege Escalation
Severity: Critical
Date: 2026-03-27

Prediction: Patch date 2026-03-27

Analytics under heading What Undercode Say:

Check if you are vulnerable
npm list openclaw
If version <= 2026.3.24, update immediately
npm install openclaw@latest
Verify the fix commit
git log -1 --grep="aa66ae1fc797d3298cc409ed2c5da69a89950a45"
Manual mitigation (if immediate update is not possible)
Restrict network access to the pairing endpoint
iptables -A INPUT -p tcp --dport 3000 -m string --string "/pair" --algo bm -j DROP

Exploit:

An attacker with `operator.pairing` privileges sends a crafted `/pair approve` request for a device that is already approved for operator.admin. The system grants the administrative token without validating the caller’s limited scope.

Example exploit payload
curl -X POST http://target:3000/pair/approve \
-H "Authorization: Bearer <low-privilege-token>" \
-d '{"deviceId": "admin_device", "scopes": ["operator.admin"]}'

Protection from this CVE

  • Upgrade OpenClaw to version 2026.3.28 or later immediately.
  • If an immediate upgrade is not possible, temporarily disable the device pairing feature or restrict access to the pairing endpoint via a firewall.
  • Monitor logs for suspicious `/pair approve` requests originating from non-admin users.
  • Implement network segmentation to limit exposure of the gateway to untrusted networks.

Impact

  • Full Gateway Compromise: An attacker can obtain `operator.admin` privileges, gaining complete control over the OpenClaw instance.
  • Remote Code Execution: With admin access, the attacker can execute arbitrary system commands, leading to total host compromise.
  • Data Breach: Sensitive configuration data, API keys, and user messages can be exfiltrated.
  • Lateral Movement: The compromised gateway can be used as a pivot point to attack other systems on the network.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top