13 matches found
EUVD-2026-45111
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair approval feature that allows lower-trust callers to execute actions beyond their intended authorization. Attackers can exploit misconfigured input paths to execute or persist unauthorized actions when the...
EUVD-2026-45106
OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device.pair.approve feature that allows lower-trust callers to bypass role-management checks. Attackers can perform actions requiring stronger authorization by reaching the affected feature through configured...
CVE-2026-35639
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...
CVE-2026-35639 OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...
CVE-2026-35639
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...
CVE-2026-35639
CVE-2026-35639 affects OpenClaw prior to 2026.3.22. The vulnerability is in the device.pair.approve method, where an operator.pairing approver can approve pending device requests with broader operator scopes than the approver holds. This insufficient scope validation can escalate privileges to op...
CVE-2026-35639 OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from insufficient range validation in the device.pair.approve method, which could lead to privilege escalati...
EUVD-2026-17437
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...
CVE-2026-33579 OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...
CVE-2026-33579
Technical details, affected products, and remediation are not provided in the supplied documents. Monitor for updates.
Improper Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization via the device.pair.approve process. An attacker can gain unauthorized administrative privileges and execute arbitrary code by approving device requests for broader...
PT-2026-31774
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw contains a privilege escalation issue in the device.pair.approve method. An operator with pairing approval rights can approve device requests with broader operator scopes than authorize...