OpenClaw Privilege Escalation Vulnerability in Device Pair Approval
Vulnerability
A privilege escalation vulnerability affects OpenClaw versions prior to 2026.3.28. In the '/pair approve' command path, the application neither validates the caller's scopes against the scopes requested by the device nor forwards the caller's scopes to the pairing layer so that it can perform that check. As a result, a user who holds pairing privileges but not admin rights can approve device requests that ask for broader scopes than the approver holds, including admin. The affected code is in the 'extensions/device-pair/index.ts' and 'src/infra/device-pairing.ts' components.
Impact
A user with pairing privileges but no admin rights can approve a device request that asks for admin scope. The approval succeeds without any check that the approver holds the requested scopes, so the device is granted admin access and the approver obtains admin-level access through it.
Reproduction
Reproduction requires an account that holds pairing privileges but not admin rights. Submit a device pairing request that asks for admin scope, then approve it from that account via '/pair approve'. Because the approver's scopes are never compared against the scopes the device requested, the approval succeeds and the device receives admin access, escalating the approver's privileges.
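The shape of the flaw described in the Vulnerability and Reproduction sections, as an added TypeScript illustration that is not OpenClaw's code: a vulnerable approval handler that checks only whether the caller may approve pairings at all, beside a hardened one that refuses to grant any scope the approver does not hold. The scope names, the request and caller shapes, and the function names are assumptions made for this example; only the missing check follows the advisory.

```typescript
// Added illustration, not OpenClaw's code. Scope names, the request/caller
// shapes and the function names are assumptions for this example.

type Scope = "pair" | "read" | "admin";

interface Caller {
  id: string;
  scopes: Scope[];
}

interface PairingRequest {
  deviceId: string;
  requestedScopes: Scope[];
  status: "pending" | "approved";
}

interface ApproveResult {
  ok: boolean;
  grantedScopes: Scope[];
  reason?: string;
}

// Vulnerable pattern: the handler verifies that the caller may approve
// pairings, then forwards the request without the caller's scopes, so the
// pairing layer has nothing to compare the requested scopes against and
// grants whatever the device asked for, "admin" included.
export function approvePairingVulnerable(caller: Caller, req: PairingRequest): ApproveResult {
  if (!caller.scopes.includes("pair")) {
    return { ok: false, grantedScopes: [], reason: "caller lacks pairing privilege" };
  }
  if (req.status !== "pending") {
    return { ok: false, grantedScopes: [], reason: "request is not pending" };
  }
  req.status = "approved";
  return { ok: true, grantedScopes: [...req.requestedScopes] };
}

// Hardened pattern: the caller's scopes travel with the approval, and every
// requested scope must be one the approver already holds. An approver can
// therefore never hand a device more authority than they have themselves.
// A request the caller may not approve is left pending so that an admin can
// still act on it.
export function approvePairingFixed(caller: Caller, req: PairingRequest): ApproveResult {
  if (!caller.scopes.includes("pair")) {
    return { ok: false, grantedScopes: [], reason: "caller lacks pairing privilege" };
  }
  if (req.status !== "pending") {
    return { ok: false, grantedScopes: [], reason: "request is not pending" };
  }
  const missing = req.requestedScopes.filter((s) => !caller.scopes.includes(s));
  if (missing.length > 0) {
    return {
      ok: false,
      grantedScopes: [],
      reason: `approver lacks requested scope(s): ${missing.join(", ")}`,
    };
  }
  req.status = "approved";
  return { ok: true, grantedScopes: [...req.requestedScopes] };
}

// Constructed sample: a pairing-only user approving a device that asks for admin.
const pairingOnlyUser: Caller = { id: "user-1", scopes: ["pair"] };
const adminRequest = (): PairingRequest => ({
  deviceId: "device-1",
  requestedScopes: ["admin"],
  status: "pending",
});

console.log("vulnerable:", approvePairingVulnerable(pairingOnlyUser, adminRequest()));
console.log("fixed:     ", approvePairingFixed(pairingOnlyUser, adminRequest()));
```

The check in the hardened version is the key point: the approval path must compare the requested scopes against the approver's own, not merely confirm that the approver is allowed to approve something. A caller who holds both "pair" and "admin" still approves an admin request successfully, so the fix does not break legitimate admin approvals.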
Remediation
Users can update to OpenClaw version 2026.3.28 or later, where this vulnerability has been patched.
