UNKNOWN CVE-2026-33577
OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve
Platform: nodejs
Component: openclaw
Fixed in: 2026.3.28
OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired nodes beyond their authorization level.
How to fix
Update OpenClaw to version 2026.3.28 or later. This version fixes the insufficient scope validation in the node pairing approval path, preventing low-privilege operators from approving nodes with broader scopes.
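The kind of check the description says was missing, shown as an added TypeScript example that is not OpenClaw's own code: an approver may grant a node only scopes the approver already holds. The type names, function names and scope strings are hypothetical, and scopes are assumed to be flat strings compared exactly.

```typescript
// Added illustration, not OpenClaw source. All names and scope strings are hypothetical.
interface PairingRequest {
  nodeId: string;
  requestedScopes: string[]; // scopes the node will hold once paired
}

interface ApprovalResult {
  approved: boolean;
  grantedScopes: string[];
  missingScopes: string[]; // requested scopes the approver does not hold
}

// "Before" shape described by the advisory: the approver's scopes are never consulted,
// so any operator who can reach the approval path grants whatever the node asked for.
function approveWithoutScopeCheck(req: PairingRequest): ApprovalResult {
  return { approved: true, grantedScopes: req.requestedScopes.slice(), missingScopes: [] };
}

// Hardened shape: requested scopes must be a subset of the approver's scopes.
// Absent or empty callerScopes fails closed instead of being treated as "no restriction".
function approveWithScopeCheck(
  req: PairingRequest,
  callerScopes: string[] | undefined
): ApprovalResult {
  if (!callerScopes || callerScopes.length === 0) {
    return { approved: false, grantedScopes: [], missingScopes: req.requestedScopes.slice() };
  }
  const missing = req.requestedScopes.filter(
    (scope) => callerScopes.indexOf(scope) === -1
  );
  if (missing.length > 0) {
    // Reject the whole request; granting the permitted subset would hide the attempt.
    return { approved: false, grantedScopes: [], missingScopes: missing };
  }
  return { approved: true, grantedScopes: req.requestedScopes.slice(), missingScopes: [] };
}

// Constructed sample data.
const lowPrivCaller: string[] = ["operator.read"];
const broadRequest: PairingRequest = {
  nodeId: "node-1",
  requestedScopes: ["operator.read", "operator.admin"],
};
const narrowRequest: PairingRequest = {
  nodeId: "node-2",
  requestedScopes: ["operator.read"],
};
```

Logging `missingScopes` together with the approver's identity on each rejection gives a record of attempts to approve beyond the caller's authorization.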