OpenClaw privilege escalation vulnerability
OpenClaw privilege escalation is a critical vulnerability in an AI-adjacent tool requiring immediate patching.
OpenClaw before version 2026.3.28 has a high-severity privilege escalation vulnerability (CVE-2026-33579, CVSS 3.1: 8.1) in the /pair approve command. The flaw, in extensions/device-pair/index.ts and src/infra/device-pairing.ts, is that the approval path fails to forward the caller's scopes into the authorization decision, so a user holding only pairing privileges can approve a pairing request that asks for admin access. This incorrect authorization (CWE-863) lets an attacker escalate privileges because the requested scopes are never validated against what the approver actually holds.
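The pattern behind this class of bug, shown as an added illustration rather than OpenClaw's own code: an approval step that checks only whether the caller may pair devices, beside a version that forwards the caller's scopes and refuses to grant anything the approver does not hold. All type and function names below are hypothetical.

```typescript
// Added example modelled on the flaw described above; not OpenClaw's code.
// Scope names, types and function names are hypothetical.
type Scope = "pairing" | "operator" | "admin";

interface PairingRequest {
  deviceId: string;
  requestedScopes: Scope[]; // scopes the paired device would receive
}

interface Caller {
  userId: string;
  scopes: Scope[]; // scopes the approving user actually holds
}

// Vulnerable pattern: only the caller's right to pair is checked. The
// request's scopes are never compared with the caller's own scopes, so a
// pairing-only user can approve a request that grants "admin".
function approveVulnerable(caller: Caller, _req: PairingRequest): boolean {
  return caller.scopes.includes("pairing");
}

// Hardened pattern: the caller's scopes are forwarded into the decision and
// every requested scope must already be held by the approver.
function approveHardened(
  caller: Caller,
  req: PairingRequest,
): { approved: boolean; reason: string } {
  if (!caller.scopes.includes("pairing")) {
    return { approved: false, reason: "caller lacks pairing scope" };
  }
  const missing = req.requestedScopes.filter((s) => !caller.scopes.includes(s));
  if (missing.length > 0) {
    return { approved: false, reason: `caller cannot grant: ${missing.join(", ")}` };
  }
  return { approved: true, reason: "ok" };
}

// Constructed sample data: a pairing-only approver, an admin approver, and a
// device request asking for admin scope.
const pairingOnlyCaller: Caller = { userId: "u-pairing", scopes: ["pairing"] };
const adminCaller: Caller = { userId: "u-admin", scopes: ["pairing", "admin"] };
const adminRequest: PairingRequest = { deviceId: "dev-1", requestedScopes: ["admin"] };

console.log(approveVulnerable(pairingOnlyCaller, adminRequest)); // true: escalation
console.log(approveHardened(pairingOnlyCaller, adminRequest)); // approved: false
console.log(approveHardened(adminCaller, adminRequest)); // approved: true
```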
- Update OpenClaw to version 2026.3.28 or later to patch the scope validation vulnerability and enforce proper caller scope checks in approval workflows.
For a senior engineer focused on cloud infrastructure and open-source tools, the takeaway is that unpatched authorization flaws in components like OpenClaw can compromise deployed systems and require urgent remediation to prevent breaches.