NextGuard
UNKNOWNCVE-2026-33575

OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes

Platform

other

Component

openclaw

Fixed in

2026.3.12

View on NVD

OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outside the intended one-time pairing flow.

How to fix

Actualice OpenClaw a la versión 2026.3.12 o posterior. Esto corrige la vulnerabilidad que expone credenciales de larga duración en los códigos de configuración de emparejamiento.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free