OpenClaw Privilege Escalation Vulnerability in Device Pairing Approval Method

Vulnerability

A privilege escalation vulnerability has been identified in OpenClaw versions prior to 2026.3.22. The issue resides in the device.pair.approve method: an approver holding the operator.pairing scope can approve a pending device request and grant it operator scopes broader than the approver's own. Because the method does not validate the granted scopes against those the approver actually holds, an attacker can escalate to operator.admin and execute remote code on the Node infrastructure.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation to operator.admin, followed by remote code execution on the Node infrastructure.

Reproduction

To reproduce this vulnerability, an approver holding only the operator.pairing scope approves a pending device request through the device.pair.approve method while specifying operator scopes broader than their own, specifically operator.admin. Because the method does not check the granted scopes against the approver's, the request is approved with operator.admin rights. Once the privileges are escalated, remote code can be executed on the Node infrastructure.
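The missing check described above, shown as an added example rather than OpenClaw's own code: a flawed approval routine that only verifies the caller may approve, beside a hardened one that also bounds the granted scopes by the approver's own. The class and function names, and every scope string other than operator.pairing and operator.admin, are assumptions made for this illustration.

```python
from __future__ import annotations
from dataclasses import dataclass


class ApprovalError(Exception):
    """Raised when scope validation rejects an approval (hypothetical name)."""


@dataclass(frozen=True)
class Approver:
    name: str
    scopes: frozenset[str]  # scopes the approving operator holds


@dataclass(frozen=True)
class PendingRequest:
    device_id: str
    requested_scopes: frozenset[str]  # scopes the device asked for


def approve_pairing_flawed(approver: Approver, request: PendingRequest,
                           granted: set[str]) -> frozenset[str]:
    """Pattern matching the advisory: the caller's right to approve is
    checked, but the scopes being handed out are never compared with
    what the approver holds, so operator.admin can be granted by a
    pairing-only approver."""
    if "operator.pairing" not in approver.scopes:
        raise ApprovalError(f"{approver.name} lacks operator.pairing")
    return frozenset(granted)


def approve_pairing_fixed(approver: Approver, request: PendingRequest,
                          granted: set[str]) -> frozenset[str]:
    """Hardened version: an approver may grant only scopes it holds
    itself, and only scopes the pending request actually asked for."""
    if "operator.pairing" not in approver.scopes:
        raise ApprovalError(f"{approver.name} lacks operator.pairing")
    grant = frozenset(granted)
    excess = grant - approver.scopes
    if excess:
        raise ApprovalError(
            f"{approver.name} cannot grant {sorted(excess)} "
            f"for device {request.device_id}")
    unrequested = grant - request.requested_scopes
    if unrequested:
        raise ApprovalError(
            f"scopes {sorted(unrequested)} were not requested "
            f"by device {request.device_id}")
    return grant
```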

Remediation

Users can upgrade to OpenClaw version 2026.3.22 or later to address this vulnerability.

Added: Apr 9, 2026, 11:36 PM
Updated: Apr 9, 2026, 11:36 PM

Vulnerability Rating

Custom Algorithm

Category         Score
spread           0.0
impact           5.0
exploitability   5.8
remediation      0.0
relevance        5.5
threat           4.8
urgency          2.9
incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.