Listen to this Post
The vulnerability resides in the `device.token.rotate` function of OpenClaw versions <= v2026.04.01. Under normal operation, device role-upgrade pairing requires explicit approval when promoting or changing a device’s roles/scopes. However, the token rotation mechanism fails to validate whether the new token’s roles have been properly approved through the pairing workflow. An attacker who can invoke `device.token.rotate` (e.g., via local API call or compromised device context) can request a fresh token while preserving or injecting arbitrary roles/scopes that were never authorized. The backend logic does not compare the requested roles against an approved baseline; it merely rotates the cryptographic material while carrying over the existing claims or allowing the caller to specify new ones. This bypasses the intended pairing approval step, effectively minting a token with elevated privileges (e.g., admin, unrestricted assistant actions) without any multi-step validation. The attack does not require breaking cryptography—only the ability to call the rotation endpoint with crafted role parameters. OpenClaw’s trust model assumes a user-controlled local assistant, but this flaw breaks role isolation even in that single-user context, enabling privilege escalation. The fix in commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5 enforces role approval checks during rotation, ensuring that only previously approved roles are carried over.
dailycve form:
Platform: OpenClaw npm
Version: <=2026.04.01
Vulnerability: Token rotation bypass
Severity: High
date: 2026-04-09
Prediction: Patch date 2026-04-08
What Undercode Say:
Analytics:
Check installed openclaw version
npm list openclaw --depth=0
Verify vulnerable range
if npm list openclaw@<=2026.04.01; then echo "VULNERABLE"; fi
Simulate token rotation (exploit concept)
curl -X POST http://localhost:3000/device.token.rotate \
-H "Authorization: Bearer $OLD_TOKEN" \
-d '{"roles": ["unapproved_admin"]}'
Detect fix by commit hash
git ls-remote https://github.com/openclaw/openclaw.git d7c3210cd6f5fdfdc1beff4c9541673e814354d5
Upgrade to patched version
npm install [email protected]
Exploit:
Call `device.token.rotate` with a payload that adds a high‑privilege role (e.g., "role": "superuser") not previously approved. The endpoint returns a new valid token containing that role, granting unauthorized actions like reading sensitive local data or executing system commands.
Protection from this CVE:
Upgrade to OpenClaw v2026.4.8 or later. If patching is delayed, disable the `device.token.rotate` endpoint via configuration or network ACLs. Monitor logs for token rotation events with unexpected role claims.
Impact:
Bypass of device role‑upgrade pairing, allowing unapproved roles to be minted. An attacker with local API access can escalate privileges to full assistant control, compromising confidentiality and integrity of the user’s environment. No multi‑tenant boundary assumed, but single‑user trust model is broken.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

