CVE-2026-33579
OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval
Description
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes including admin access by exploiting the missing scope validation in extensions/device-pair/index.ts and src/infra/device-pairing.ts.
INFO
Published Date :
March 31, 2026, 3:16 p.m.
Last Modified :
April 6, 2026, 11:16 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | 83251b91-4cc7-4094-a5c7-464a1b83ea10 | ||||
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 4.0 | HIGH | 83251b91-4cc7-4094-a5c7-464a1b83ea10 | ||||
| CVSS 4.0 | HIGH | [email protected] | ||||
| CVSS 4.0 | CRITICAL | [email protected] |
Solution
- Update OpenClaw to version 2026.3.28 or later.
- Validate caller scopes before approving requests.
- Enforce strict scope validation in extensions.
Public PoC/Exploit Available at Github
CVE-2026-33579 has a 12 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-33579.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-33579 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-33579
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Hermes Agent vs OpenClaw: stability comparison with normalized GitHub data
HTML
Interactive OpenClaw install and security hardening scripts
Shell JavaScript
None
TypeScript
Runtime security for AI agent systems — built for OpenClaw
Shell
Check if your AI agent setup is vulnerable to CVE-2026-33579
HTML
1 Claw, 2 Claws.... Zero Claws?
HTML Python Shell Rust C++ TypeScript CSS Starlark Makefile
🦞 A practitioners field guide to OpenClaw — real patterns, real use cases, real cost. Bilingual EN/CN.
Cathedral-Grade Security for AI Agents. Attack vectors updated daily. Local-first, zero API cost. MIT licensed.
Python
A collection of global government warnings, vendor security advisories, and news headlines about OpenClaw Security for AI builders, developers, and investors. Updated twice daily.
openclaw openclaw-security openclaw-security-news openclaw-skill openclaw-advisories openclaw-vulnerabilities openclaw-warnings
Python
OpenClaw Daily News (with Ollama + Telegram Quick Setup Guide) | 每日新聞兼快速安裝指南
install-guide moltbot clawdbot openclaw molty windows ollama wsl2
JavaScript CSS
None
Python Shell
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-33579 vulnerability anywhere in the article.
-
The Hacker News
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-s ... Read more
-
Ars Technica
OpenClaw gives users yet another reason to be freaked out about security
For more than a month, security practitioners have been warning about the perils of using OpenClaw, the viral AI agentic tool that has taken the development community by storm. A recently fixed vulner ... Read more
The following table lists the changes that have been made to the
CVE-2026-33579 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by [email protected]
Apr. 06, 2026
Action Type Old Value New Value Added CVSS V4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Removed CVSS V4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Removed CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N -
Initial Analysis by [email protected]
Apr. 01, 2026
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* versions up to (excluding) 2026.3.28 Added Reference Type VulnCheck: https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd Types: Patch Added Reference Type VulnCheck: https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497 Types: Vendor Advisory Added Reference Type VulnCheck: https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval Types: Third Party Advisory -
CVE Modified by [email protected]
Mar. 31, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Removed CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H -
New CVE Received by [email protected]
Mar. 31, 2026
Action Type Old Value New Value Added Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes including admin access by exploiting the missing scope validation in extensions/device-pair/index.ts and src/infra/device-pairing.ts. Added CVSS V4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-863 Added Reference https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd Added Reference https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497 Added Reference https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval