3 matches found
CVE-2026-53852
OpenClaw is affected by a scope containment bypass vulnerability (CVE-2026-53852) present prior to version 2026.4.25. The issue allows authenticated operators to bypass containment by submitting empty-scope device re-pairing requests, enabling them to restore broader scopes and retain unauthorize...
PT-2026-49769
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A scope containment bypass exists in the device re-pairing process. Authenticated operators can restore or retain broader scopes than intended by submitting re-pairing requests with empty scope...
Privilege Escalation
OpenClaw is vulnerable to privilege escalation. The vulnerability is due to improper authorization in the node reconnection process, which allows an attacker using a previously paired node to bypass re-pairing authentication and execute privileged commands on the local assistant system...