Agents
OpenClaw CVE-2026-33579: /pair approve Command Path Privilege Escalation Enables Full Instance Takeover Across 135K Deployments
CVE-2026-33579 (CVSS 4.0: 8.6 HIGH) is a CWE-863 incorrect authorization vulnerability in OpenClaw before 2026.3.28 where the /pair approve command path fails to forward caller security scopes into the authorization check. An attacker registers a new device with operator.admin in desired scopes, then approves it with a low-privilege account — full instance takeover in seconds. This is distinct from the previously reported CVE-2026-32922 token scope bypass; detection involves flagging devices where registration and approval timestamps are within seconds and the approver is not a known admin.
Source
↳ Follow the thread