This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: OpenClaw has a critical **Privilege Escalation** flaw in the `/pair approve` command. …
**Root Cause**: **CWE-863** (Incorrect Authorization). The system fails to validate the **caller's scope** when processing device pair approvals. …
**Affected**: **OpenClaw** products. Specifically, all versions **prior to 2026.3.28**. If you are running an older build, your smart assistant infrastructure is vulnerable to this scope validation bypass.
Q4: What can hackers do? (Privileges/Data)
**Attacker Capabilities**: A hacker with **Pairing Permissions** (but no Admin rights) can escalate privileges. They can approve device requests that grant **Full Admin Access**. …
**Exploitation Threshold**: **Low**. **Auth Required**: Yes, but only **Low Privileges** (PR:L). The attacker needs to be authenticated with pairing rights. No User Interaction (UI:N) is needed. …
**Public Exploit**: **No**. The `pocs` array is empty. While there are **Advisories** (VulnCheck, GitHub GHSA), there is no known public Proof-of-Concept (PoC) code or wild exploitation scripts available yet. …
**Self-Check**:
1. Check your OpenClaw version. Is it **< 2026.3.28**?
2. Audit users with **Pairing Permissions**. Do any lack Admin rights?
3. Review logs for `/pair approve` commands initiated by non-admin users. …
**Workaround (If No Patch)**:
1. **Restrict Permissions**: Remove pairing approval rights from all non-admin users immediately.
2. **Monitor Closely**: Alert on any `/pair approve` actions.
3. …
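To make the CWE-863 root cause and self-check step 3 concrete, here is an added illustration (not OpenClaw's code; the scope names, request and audit-record shapes, and handler names are hypothetical) of an approval handler that only checks "may the caller approve pairings" next to one that also checks that the caller holds every scope being granted, plus the same rule applied over a constructed audit log:

```javascript
// Added illustration of the CWE-863 pattern described above; not OpenClaw's code.
// Scope names, the request/audit-record shapes and the handlers are hypothetical.
const ROLE_SCOPES = {
  operator: ["pairing:approve"],          // may approve pairings, is not an admin
  admin: ["pairing:approve", "admin"],
};

function scopesOf(caller) {
  return ROLE_SCOPES[caller.role] ?? [];
}

// Vulnerable shape: checks only that the caller may approve pairings, then
// grants whatever scopes the pending request asked for, "admin" included.
function approvePairVulnerable(caller, request) {
  if (!scopesOf(caller).includes("pairing:approve")) throw new Error("forbidden");
  return { deviceId: request.deviceId, scopes: [...request.requestedScopes] };
}

// Hardened shape: the approver can only confer scopes they hold themselves,
// so a pairing-only account cannot approve a request that would grant admin.
function approvePairHardened(caller, request) {
  const held = scopesOf(caller);
  if (!held.includes("pairing:approve")) throw new Error("forbidden");
  const excess = request.requestedScopes.filter((s) => !held.includes(s));
  if (excess.length > 0) throw new Error(`approver lacks scope(s): ${excess.join(", ")}`);
  return { deviceId: request.deviceId, scopes: [...request.requestedScopes] };
}

// Same rule applied retroactively to an audit log (self-check step 3): flag
// approvals whose granted scopes exceed what the approver's role held.
function findSuspiciousApprovals(auditLog) {
  return auditLog.filter(
    (e) => e.action === "/pair approve" &&
      e.grantedScopes.some((s) => !scopesOf({ role: e.approverRole }).includes(s))
  );
}

// Constructed sample data, not real OpenClaw records.
const operator = { id: "u-operator", role: "operator" };
const adminRequest = { deviceId: "dev-42", requestedScopes: ["admin"] };
const SAMPLE_LOG = [
  { ts: "2026-03-01T10:00:00Z", action: "/pair approve", approverRole: "admin", grantedScopes: ["admin"] },
  { ts: "2026-03-01T10:05:00Z", action: "/pair approve", approverRole: "operator", grantedScopes: ["admin"] },
  { ts: "2026-03-01T10:07:00Z", action: "/pair list", approverRole: "operator", grantedScopes: [] },
];
```

Against the sample, the vulnerable handler hands the operator an admin-scoped device, the hardened one refuses, and the log filter returns only the operator-approved admin grant.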