Listen to this Post
How the mentioned CVE works:
The vulnerability exists in OpenClaw versions prior to 2026.3.28 within the device pairing module. Specifically, the `/pair approve` command path fails to properly forward the caller’s current privilege scopes into the core approval validation. A caller holding only low-level `operator.pairing` privileges can approve a pending device pairing request that asks for broader administrative scopes, including full `operator.admin` rights. This occurs because the system does not enforce a least-privilege check—it validates the target device’s approved scopes but does not constrain the newly granted scopes to those the caller already possesses. As a result, an attacker with only pairing capabilities can silently elevate their access to administrator level, bypassing all intended authorization gates. Once administrative access is obtained, the attacker can execute arbitrary system commands, read sensitive configuration data, and control the entire OpenClaw instance. The flaw was addressed in commit `aa66ae1fc797d3298cc409ed2c5da69a89950a45` by implementing caller-scope subsetting in the approval logic. The fix was released in version 2026.3.28 on 2026-03-27. This vulnerability is critical due to the complete compromise of gateway security and potential for remote code execution.
DailyCVE Form
Platform: OpenClaw npm
Version: <=2026.3.24
Vulnerability: Privilege Escalation
Severity: Critical
Date: 2026-03-27
Prediction: Patch date 2026-03-27
Analytics under heading What Undercode Say:
Check if you are vulnerable npm list openclaw If version <= 2026.3.24, update immediately npm install openclaw@latest Verify the fix commit git log -1 --grep="aa66ae1fc797d3298cc409ed2c5da69a89950a45" Manual mitigation (if immediate update is not possible) Restrict network access to the pairing endpoint iptables -A INPUT -p tcp --dport 3000 -m string --string "/pair" --algo bm -j DROP
Exploit:
An attacker with `operator.pairing` privileges sends a crafted `/pair approve` request for a device that is already approved for operator.admin. The system grants the administrative token without validating the caller’s limited scope.
Example exploit payload
curl -X POST http://target:3000/pair/approve \
-H "Authorization: Bearer <low-privilege-token>" \
-d '{"deviceId": "admin_device", "scopes": ["operator.admin"]}'
Protection from this CVE
- Upgrade OpenClaw to version 2026.3.28 or later immediately.
- If an immediate upgrade is not possible, temporarily disable the device pairing feature or restrict access to the pairing endpoint via a firewall.
- Monitor logs for suspicious `/pair approve` requests originating from non-admin users.
- Implement network segmentation to limit exposure of the gateway to untrusted networks.
Impact
- Full Gateway Compromise: An attacker can obtain `operator.admin` privileges, gaining complete control over the OpenClaw instance.
- Remote Code Execution: With admin access, the attacker can execute arbitrary system commands, leading to total host compromise.
- Data Breach: Sensitive configuration data, API keys, and user messages can be exfiltrated.
- Lateral Movement: The compromised gateway can be used as a pivot point to attack other systems on the network.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

