4 matches found
CVE-2026-32905
OpenClaw versions before 2026.5.4 contain an authorization bypass in the bundled device-pair plugin that lets non-owner users with chat command access issue device‑pairing bootstrap codes without proper scope validation. Attackers can enroll devices with operator/node capabilities by creating set...
CVE-2026-32905 OpenClaw < 2026.5.4 - Unauthorized Device-Pairing Bootstrap Code Issuance via Chat Command
OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...
PT-2026-44891
OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...
EUVD-2022-1232
Malicious code in bioql PyPI...