OpenClaw
- < 2026.5.4
An authorization bypass vulnerability has been identified in OpenClaw versions prior to 2026.5.4, in the bundled device-pair plugin. The plugin lets non-owner authorized chat senders issue device-pairing bootstrap codes: the command path checks that the sender is authorized to talk to the agent but does not validate that the sender holds the scope required to manage pairing. Because the plugin is enabled by default and its pairing commands are exposed on normal chat command surfaces, such as a configured Telegram, Discord, or Slack agent, anyone who can send commands to the agent can create a setup code.
A non-owner authorized chat sender can use such a code to enroll a device with operator or node capabilities. The enrolled device receives persistent credentials that remain valid until the device is manually removed, so the bypass yields durable access rather than a one-off action.
Users are advised to upgrade to OpenClaw version 2026.5.4 or later. After upgrading, review the list of paired devices and remove any entry that was not expected. In shared chat channels, restrict command access to the users who should be allowed to manage device pairing.