
8 matches found

Cvelist
added 2026/04/28 6:10 p.m. | 23 views

CVE-2026-42426 OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairi...

8.8 CVSS | 0.00041 EPSS
Exploits: 0 | References: 3

Snyk
added 2026/03/31 11:50 p.m. | 0 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the /pair approve process. An attacker can gain unauthorized approval of device pairing requests with elevated privileges by submitting a device pairing request...

9.9 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 2

Snyk
added 2026/03/31 4:54 p.m. | 1 views

Incorrect Authorization

Overview: @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin. Affected versions of this package are vulnerable to Incorrect Authorization due to missing validation of caller scopes in the pair approve process. An attacker can gain unauthorized administrative access by approving...

9.9 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/03/31 2:10 p.m. | 22 views

CVE-2026-33579 OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

9.9 CVSS | 0.00018 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/31 2:10 p.m. | 0 views

CVE-2026-33579 OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

9.9 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/31 2:10 p.m. | 21 views

CVE-2026-33579

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

8.6 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 4

CVE
added 2026/03/31 2:10 p.m. | 6 views

CVE-2026-33579

Technical details, affected products, and remediation are not provided in the supplied documents. Monitor for updates.

9.9 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/03/31 12:0 a.m. | 1 views

PT-2026-29259

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28. Description: A privilege escalation vulnerability exists in the /pair approve command path due to missing scope validation. A user with pairing privileges, but without admin privileges, can approve pending...

9.9 CVSS | 7.2 AI score | 0.00018 EPSS
Exploits: 0 | References: 46