Lucene search
+L

13 matches found

EUVD
EUVD
added 11 hours ago3 views

EUVD-2026-45111

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair approval feature that allows lower-trust callers to execute actions beyond their intended authorization. Attackers can exploit misconfigured input paths to execute or persist unauthorized actions when the...

8.8CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago3 views

EUVD-2026-45106

OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device.pair.approve feature that allows lower-trust callers to bypass role-management checks. Attackers can perform actions requiring stronger authorization by reaching the affected feature through configured...

8.8CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/04/09 10:16 p.m.19 views

CVE-2026-35639

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS0.00458EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.21 views

CVE-2026-35639 OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS0.00458EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:27 p.m.1 views

CVE-2026-35639

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS6.5AI score0.00458EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 9:27 p.m.22 views

CVE-2026-35639

CVE-2026-35639 affects OpenClaw prior to 2026.3.22. The vulnerability is in the device.pair.approve method, where an operator.pairing approver can approve pending device requests with broader operator scopes than the approver holds. This insufficient scope validation can escalate privileges to op...

8.8CVSS6.5AI score0.00458EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/09 9:27 p.m.3 views

CVE-2026-35639 OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.7CVSS6.6AI score0.00458EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from insufficient range validation in the device.pair.approve method, which could lead to privilege escalati...

8.8CVSS6.2AI score0.00458EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/31 3:31 p.m.4 views

EUVD-2026-17437

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

8.6CVSS5.9AI score0.00624EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/31 2:10 p.m.33 views

CVE-2026-33579 OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

9.9CVSS0.00624EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 2:10 p.m.16 views

CVE-2026-33579

Technical details, affected products, and remediation are not provided in the supplied documents. Monitor for updates.

9.9CVSS5.9AI score0.00624EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/26 9:40 p.m.5 views

Improper Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization via the device.pair.approve process. An attacker can gain unauthorized administrative privileges and execute arbitrary code by approving device requests for broader...

9.9CVSS6.2AI score0.00458EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-31774

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw contains a privilege escalation issue in the device.pair.approve method. An operator with pairing approval rights can approve device requests with broader operator scopes than authorize...

9.4CVSS6.4AI score0.00458EPSS
Exploits0References15
Rows per page
Query Builder