Article | nvd.nist.gov | 2 min read

Privilege Escalation Vulnerability in OpenClaw's Device Pairing

AI Summary

OpenClaw versions prior to 2026.3.28 contain a critical privilege escalation vulnerability in the /pair approve command path: the caller's scopes are not forwarded into the core approval check, so a user who holds pairing privileges but not admin rights can approve device requests that require broader scopes, including admin access. The affected code is in extensions/device-pair/index.ts and src/infra/device-pairing.ts.

The vulnerability is classified as CWE-863 (Incorrect Authorization). Because the approval path never validates the caller's scopes against the scopes being granted, a user without admin rights can obtain elevated privileges. The CVSS 4.0 vector published by VulnCheck reflects a network attack vector and low attack complexity.
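As an added illustration of the bug class the summary describes (hypothetical TypeScript written for this page, not OpenClaw's own code; the function names, scope names and request store are assumptions), the handler that drops the caller's scopes is shown beside one that forwards them to a core check that fails closed:

```typescript
// Hypothetical model of the CWE-863 pattern; not OpenClaw code. All names are assumed.
type Scope = "pair" | "operator" | "admin";

interface Caller { name: string; scopes: Scope[] }
interface PairingRequest { id: string; requestedScopes: Scope[]; approved: boolean }

// Constructed sample: a device asking for admin, plus two callers with different rights.
function newStore(): Map<string, PairingRequest> {
  const req: PairingRequest = { id: "req-1", requestedScopes: ["pair", "admin"], approved: false };
  return new Map([[req.id, req]]);
}
const pairOnlyCaller: Caller = { name: "alice", scopes: ["pair"] };
const adminCaller: Caller = { name: "root", scopes: ["pair", "admin"] };

// Core check as modelled before the fix: with no caller scopes to compare
// against, the requested scopes are simply accepted.
function coreCheckLenient(req: PairingRequest, callerScopes?: Scope[]): boolean {
  if (callerScopes === undefined) return true;
  return req.requestedScopes.every((s) => callerScopes.includes(s));
}

// Hardened core check: fail closed when scopes are missing, otherwise every
// requested scope must already be held by the caller.
function coreCheckStrict(req: PairingRequest, callerScopes?: Scope[]): boolean {
  if (!callerScopes || callerScopes.length === 0) return false;
  return req.requestedScopes.every((s) => callerScopes.includes(s));
}

// Command path before the fix: only the "pair" gate is enforced and
// caller.scopes is never forwarded, so the admin scope is granted.
function approveVulnerable(store: Map<string, PairingRequest>, caller: Caller, id: string): boolean {
  const req = store.get(id);
  if (!req || !caller.scopes.includes("pair")) return false;
  req.approved = coreCheckLenient(req); // caller scopes dropped here
  return req.approved;
}

// Command path after the fix: scopes reach the core check and it fails closed.
function approveFixed(store: Map<string, PairingRequest>, caller: Caller, id: string): boolean {
  const req = store.get(id);
  if (!req || !caller.scopes.includes("pair")) return false;
  req.approved = coreCheckStrict(req, caller.scopes);
  return req.approved;
}
```

The defensive point is the subset test in coreCheckStrict: an approver can only grant scopes it holds itself, and a missing scope list denies rather than allows.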

Patches and advisories have been issued: the OpenClaw GitHub repository contains the commit that corrects the scope forwarding, and VulnCheck's security advisories provide further details. Users running versions prior to 2026.3.28 should apply the fix and consult those resources to mitigate the risk.

Key Concepts

Privilege Escalation

Privilege escalation is the exploitation of a vulnerability that lets a user gain elevated access to resources normally protected from that user or application. It typically occurs when a system fails to enforce proper access controls.

Incorrect Authorization

Incorrect authorization happens when a system fails to properly enforce access controls, allowing unauthorized users to perform actions or access data that should be restricted.


Summarized by Mente
