OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes

Summary The node pairing approval path did not consistently enforce that the approving caller already held every scope requested by the node. Impact A lower-privileged operator could approve a pending node request for broader scopes and extend privileges onto the paired node. Affected Component...

EUVD-2026-17433

OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes...

GHSA-2X4X-CC5G-QMMG OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes

Summary The node pairing approval path did not consistently enforce that the approving caller already held every scope requested by the node. Impact A lower-privileged operator could approve a pending node request for broader scopes and extend privileges onto the paired node. Affected Component...

CVE-2026-33577

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

CVE-2026-33577 OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

CVE-2026-33577 OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

CVE-2026-33577

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

CVE-2026-33577

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

PT-2026-29257

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description OpenClaw contains an insufficient scope validation issue in the node pairing approval path. This allows low-privilege operators to approve nodes with broader scopes than they are authorized to,...

CVE-2021-41217

TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in th...

SUSE CVE-2021-41217

TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in th...