Lucene search
K

11 matches found

NVD
NVD
added 2026/04/09 10:16 p.m.18 views

CVE-2026-35639

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS0.00458EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.21 views

CVE-2026-35639 OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS0.00458EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:27 p.m.1 views

CVE-2026-35639

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS6.5AI score0.00458EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 9:27 p.m.21 views

CVE-2026-35639

CVE-2026-35639 affects OpenClaw prior to 2026.3.22. The vulnerability is in the device.pair.approve method, where an operator.pairing approver can approve pending device requests with broader operator scopes than the approver holds. This insufficient scope validation can escalate privileges to op...

8.8CVSS6.5AI score0.00458EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/04/09 5:36 p.m.5 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management via the node.pair.approve function being assigned to the broader operator.write scope instead of the intended operator.pairing scope. An attacker can gain...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from insufficient range validation in the device.pair.approve method, which could lead to privilege escalati...

8.8CVSS6.2AI score0.00458EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/31 4:54 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via insufficient validation in the node.pair.approve process. An attacker can gain unauthorized access to paired nodes with elevated privileges by exploiting missi...

8.6CVSS5.9AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 4:54 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization due to missing validation of caller scopes in the pair approve process. An attacker can gain unauthorized administrative access by approving device requests for...

9.9CVSS5.9AI score0.00624EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/31 3:31 p.m.7 views

Duplicate Advisory: OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hc5h-pmr3-3497. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails ...

9.9CVSS5.8AI score0.00624EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/26 9:40 p.m.5 views

Improper Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization via the device.pair.approve process. An attacker can gain unauthorized administrative privileges and execute arbitrary code by approving device requests for broader...

9.9CVSS6.2AI score0.00458EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-31774

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw contains a privilege escalation issue in the device.pair.approve method. An operator with pairing approval rights can approve device requests with broader operator scopes than authorize...

9.4CVSS6.4AI score0.00458EPSS
Exploits0References15
Rows per page
Query Builder