OpenClaw privilege escalation vulnerability
OpenClaw privilege escalation is a critical vulnerability in an AI-adjacent tool requiring immediate patching.
OpenClaw before version 2026.3.28 has a high-severity privilege escalation vulnerability (CVE-2026-33579, CVSS 3.1: 8.1) in the /pair approve command. The flaw, in extensions/device-pair/index.ts and src/infra/device-pairing.ts, fails to forward the caller's scopes into the approval step, so a user who holds only pairing privileges can approve requests for admin access. This incorrect authorization (CWE-863) lets an attacker escalate privileges because the scope check that should gate the approval is never performed.
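To make the class of flaw concrete, here is an added illustration in TypeScript (not OpenClaw's code; the `Caller`, `PairingRequest`, `approveVulnerable` and `approveFixed` names and the scope strings are hypothetical) of an approval path that drops the caller's scopes, placed beside one that forwards them and refuses to grant anything the approver does not hold:

```typescript
// Hypothetical model of a "/pair approve" flow. Names and scopes are constructed
// for illustration and are not the project's real API.

type Scope = "pairing" | "operator.admin" | "operator.read";

interface Caller {
  id: string;
  scopes: Scope[];
}

interface PairingRequest {
  requestId: string;
  deviceId: string;
  requestedScopes: Scope[];
}

interface ApprovalResult {
  approved: boolean;
  grantedScopes: Scope[];
  reason: string;
}

// Constructed in-memory store of pending pairing requests.
const pendingRequests = new Map<string, PairingRequest>([
  ["req-1", { requestId: "req-1", deviceId: "dev-A", requestedScopes: ["operator.read"] }],
  ["req-2", { requestId: "req-2", deviceId: "dev-B", requestedScopes: ["operator.admin"] }],
]);

function lookup(requestId: string): PairingRequest | undefined {
  return pendingRequests.get(requestId);
}

// Vulnerable shape: the command layer only checks that the caller may run the
// approve command at all ("pairing"), then hands off to the pairing module
// WITHOUT the caller's scopes. The module cannot compare what it is about to
// grant against what the approver is allowed to grant, so it grants everything.
function approveVulnerable(caller: Caller, requestId: string): ApprovalResult {
  if (!caller.scopes.includes("pairing")) {
    return { approved: false, grantedScopes: [], reason: "caller lacks pairing scope" };
  }
  const req = lookup(requestId);
  if (!req) {
    return { approved: false, grantedScopes: [], reason: "unknown request" };
  }
  // Defect: requested scopes are granted unconditionally, including operator.admin.
  return { approved: true, grantedScopes: req.requestedScopes, reason: "approved" };
}

// Fixed shape: the caller's scopes are forwarded and every requested scope must
// be held by the approver. "pairing" still gates the command, but it no longer
// implies authority to hand out admin scopes.
function approveFixed(caller: Caller, requestId: string): ApprovalResult {
  if (!caller.scopes.includes("pairing")) {
    return { approved: false, grantedScopes: [], reason: "caller lacks pairing scope" };
  }
  const req = lookup(requestId);
  if (!req) {
    return { approved: false, grantedScopes: [], reason: "unknown request" };
  }
  const missing = req.requestedScopes.filter((s) => !caller.scopes.includes(s));
  if (missing.length > 0) {
    return {
      approved: false,
      grantedScopes: [],
      reason: `approver lacks scope(s): ${missing.join(", ")}`,
    };
  }
  return { approved: true, grantedScopes: req.requestedScopes, reason: "approved" };
}

// Stand-alone demonstration with a constructed pairing-only caller.
const demoCaller: Caller = { id: "demo", scopes: ["pairing"] };
console.log("vulnerable:", approveVulnerable(demoCaller, "req-2"));
console.log("fixed:", approveFixed(demoCaller, "req-2"));
```

The defensive point is that the authorization decision must be made where both pieces of information are available: the scopes being granted and the scopes the approver actually holds. Passing only a boolean "may run this command" result across the module boundary is exactly the pattern that produces CWE-863.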
Update OpenClaw to version 2026.3.28 or later to patch the scope validation vulnerability and enforce proper caller scope checks in approval workflows.
For a senior engineer focused on cloud infrastructure and open-source tools, the takeaway is that unpatched authorization flaws in components like OpenClaw can compromise deployed systems and require urgent remediation to prevent breaches.