DigiNews

Tech Watch by Johan Denoyer


OpenClaw privilege escalation vulnerability

Quality: 9/10 Relevance: 9/10

Summary

OpenClaw prior to 2026.3.28 contains a privilege escalation vulnerability in the /pair/approve path: because the requested scopes are not validated against the approver's own privileges, a caller with pairing privileges but no admin privileges can approve requests with admin-level scopes. The issue is rated high severity, with a CVSS 4.0 base score of 8.1 (several CVSS vectors are published), and is documented in multiple advisories and references, including an NVD initial analysis dated 2026-04-01.
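As an added illustration of the bug class described above (this is not OpenClaw's code; the handler names, the `pairing` and `admin` scope names and the request structure are assumed), a pairing-approval handler with the missing scope check beside its hardened form:

```python
"""Hypothetical pairing-approval handler: the approver-scope check is the
fix for the class of bug summarised above. All names here are invented."""
from dataclasses import dataclass
from typing import Callable, Optional

PAIRING_SCOPE = "pairing"  # assumed: scope needed to act on /pair/approve at all
ADMIN_SCOPE = "admin"      # assumed: the admin-level scope at issue


class ApprovalError(Exception):
    """Raised when an approval would grant more than the approver holds."""


@dataclass
class Caller:
    name: str
    scopes: frozenset  # scopes the approving caller currently holds


@dataclass
class PairingRequest:
    request_id: str
    requested_scopes: frozenset
    approved_scopes: Optional[frozenset] = None


def approve_vulnerable(caller: Caller, req: PairingRequest) -> frozenset:
    """Bug pattern: checks only that the caller may pair, then grants
    whatever scopes the request asked for, admin included."""
    if PAIRING_SCOPE not in caller.scopes:
        raise ApprovalError("caller cannot approve pairing requests")
    req.approved_scopes = req.requested_scopes  # no scope validation
    return req.approved_scopes


def approve_fixed(caller: Caller, req: PairingRequest) -> frozenset:
    """Hardened form: an approver can never grant a scope it does not hold,
    so a non-admin approver cannot confer ADMIN_SCOPE."""
    if PAIRING_SCOPE not in caller.scopes:
        raise ApprovalError("caller cannot approve pairing requests")
    excess = req.requested_scopes - caller.scopes
    if excess:
        raise ApprovalError(f"approver lacks scopes: {sorted(excess)}")
    req.approved_scopes = req.requested_scopes
    return req.approved_scopes


def try_approve(handler: Callable, caller: Caller, req: PairingRequest) -> Optional[frozenset]:
    """Run a handler and return the granted scopes, or None if it refused."""
    try:
        return handler(caller, req)
    except ApprovalError:
        return None
```

Run against a caller holding only `pairing` and `read`, `approve_vulnerable` hands out `admin` while `approve_fixed` refuses and leaves the request unapproved.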

🚀 Service built by Johan Denoyer