Critical

Privilege Escalation in OpenClaw /pair approve

IdentifiersCVE-2026-33579CWE-863· Incorrect Authorization

CVE-2026-33579 is a privilege escalation vulnerability affecting OpenClaw versions before 2026.3.28. The flaw is in the /pair approve command path, where caller scopes are not forwarded into the core approval check. As a result, authorization is evaluated without properly validating whether the approving caller is permitted to grant the requested scopes. A user or device with pairing privileges, but without administrative privileges, can approve pending device pairing requests that request broader scopes, including operator.admin. The vulnerable logic is identified in extensions/device-pair/index.ts and src/infra/device-pairing.ts.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a low-privileged actor with pairing capability to escalate to administrative access on the OpenClaw instance. From there, the attacker can achieve effective full instance takeover, including reading connected data sources, exfiltrating credentials stored in the agent skill environment, executing arbitrary tool calls through the platform, and pivoting into other connected services and resources accessible to OpenClaw. The issue has been described as actively exploitable and does not require a secondary exploit once pairing access is obtained.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict or disable device pairing workflows, especially on internet-exposed instances. Require authentication for access to OpenClaw and limit who can obtain pairing privileges. Closely monitor and audit /pair approve activity, review recently registered devices, and investigate cases where registration and approval occurred in rapid succession or where non-admin actors approved requests for elevated scopes. Reduce external exposure of OpenClaw instances until patched.

Remediation

Patch, then assume compromise.

Upgrade OpenClaw to version 2026.3.28 or later, which includes the fix for the missing caller-scope validation in the device pairing approval flow. The fix is referenced in OpenClaw commit e403decb6e20091b5402780a7ccd2085f98aa3cd and GitHub Security Advisory GHSA-hc5h-pmr3-3497. For environments that previously ran vulnerable versions, review device inventories and audit logs for suspicious self-approved or unexpectedly privileged pairings, especially approvals that granted operator.admin to devices approved by non-admin users.

PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.

VALID 0 / 1 TOTALView more in app

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

OpenclawOpenclawapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

40 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

40 SOURCESView more in app

arstechnica securityNews

Apr 3, 2026

OpenClaw gives users yet another reason to be freaked out about security - Ars Technica

A high-severity privilege escalation vulnerability in OpenClaw that allows a user with pairing privileges to silently approve requests for admin scope and gain full administrative control of the OpenClaw instance.

reddit netsecNews

Apr 3, 2026

If you're running OpenClaw, you probably got hacked in the last week : r/netsec

An authorization flaw in OpenClaw where the /pair approve command fails to verify whether the approver is authorized, allowing a low-privileged user with pairing access to self-approve for admin and take over the instance.

cvefeed high severityNews

Mar 31, 2026

CVE-2026-33579 - OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval

A privilege escalation vulnerability in OpenClaw before 2026.3.28 caused by missing caller scope validation in the device pair approval flow, allowing a user with pairing privileges to approve requests for broader scopes including admin access.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity37

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-33579

NVD

nvd.nist.gov/vuln/detail/CVE-2026-33579

MITRE CWE · CWE-863

Incorrect Authorization

Patch

github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd

Vendor Advisory

github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497

Third Party Advisory

vulncheck.com/advisories/openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval