Platform: nodejs
Component: openclaw
Fixed in: 2026.3.13
CVE-2026-32987 is a critical vulnerability affecting OpenClaw versions prior to 2026.3.13. The flaw is in src/infra/device-bootstrap.ts: during device pairing verification, a valid bootstrap setup code is accepted more than once before the pairing is approved, so an attacker who can present such a code can replay it and escalate to the operator.admin role.
The impact is significant. An attacker who exploits this flaw gains operator.admin access within OpenClaw, effectively controlling the affected system, with the potential for unauthorized data access, modification or deletion and for compromise of other systems connected to the OpenClaw deployment. Because the replay bypasses the pairing checks that are meant to gate privileged access, the outcome is comparable to other full privilege escalation flaws: complete takeover of the affected system.
CVE-2026-32987 was publicly disclosed on 2026-03-29. It carries a CRITICAL CVSS rating, which reflects severity; the EPSS score on this page (0.05%, 17th percentile) currently estimates a low probability of exploitation in the wild. No public proof-of-concept (PoC) had been released at the time of writing, but because the flaw is a straightforward replay of a code, a PoC is likely to emerge. It is not currently listed in the CISA KEV catalog, but its severity warrants close monitoring.
Exploit Status
EPSS: 0.05% (17th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-32987 is to upgrade OpenClaw to version 2026.3.13 or later immediately. If upgrading is not immediately feasible, apply stricter controls around bootstrap code verification. No direct workaround is available, but limiting the number of verification attempts or requiring additional authentication factors during pairing reduces the attack surface. Monitor system logs for unusual activity related to device pairing and bootstrap code verification, such as the same code being verified more than once. After upgrading, confirm the fix by attempting to replay a bootstrap code in a test environment and verifying that the second pairing attempt is rejected.
Update OpenClaw to version 2026.3.13 or later. This version fixes the bootstrap setup code replay vulnerability during device pairing. The update will prevent attackers from verifying valid bootstrap codes multiple times to escalate privileges.
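The mitigation above boils down to one property: a bootstrap code must be consumed by its first successful verification, so a second presentation of the same code is rejected. The following TypeScript is an added illustration of that property, written for this page; it is not OpenClaw's code, does not reproduce the logic of src/infra/device-bootstrap.ts or the upstream fix, and the names BootstrapCodeStore, CODE_TTL_MS, MAX_ATTEMPTS, the session ids and the 10-minute/5-attempt limits are assumptions. It places the replayable pattern next to the single-use pattern so a reviewer can see the difference in state handling.

```typescript
// Added illustration (not OpenClaw's code): single-use bootstrap codes for device pairing.
import { createHash, randomBytes, timingSafeEqual } from "crypto";

type VerifyResult = "ok" | "mismatch" | "expired" | "replayed" | "locked";

interface PendingCode {
  digest: Buffer;     // SHA-256 of the code; the plaintext is never kept server-side
  expiresAt: number;  // epoch milliseconds
  attempts: number;   // failed verifications so far
  consumed: boolean;  // set by the first successful verification
}

const CODE_TTL_MS = 10 * 60 * 1000; // assumed 10-minute validity window
const MAX_ATTEMPTS = 5;             // assumed lockout threshold for wrong codes

function digestOf(code: string): Buffer {
  return createHash("sha256").update(code, "utf8").digest();
}

class BootstrapCodeStore {
  private pending = new Map<string, PendingCode>();

  // The clock is injectable so expiry can be exercised deterministically.
  constructor(private readonly now: () => number = () => Date.now()) {}

  // Issue a fresh code for a pairing session and return the plaintext to display once.
  issue(sessionId: string): string {
    const code = randomBytes(16).toString("base64url");
    this.pending.set(sessionId, {
      digest: digestOf(code),
      expiresAt: this.now() + CODE_TTL_MS,
      attempts: 0,
      consumed: false,
    });
    return code;
  }

  // Vulnerable shape: the code is checked but never consumed, so every
  // presentation of a captured code succeeds until the code expires.
  verifyReplayable(sessionId: string, code: string): VerifyResult {
    const entry = this.pending.get(sessionId);
    if (!entry) return "mismatch";
    if (this.now() > entry.expiresAt) return "expired";
    return timingSafeEqual(entry.digest, digestOf(code)) ? "ok" : "mismatch";
  }

  // Hardened shape: the first successful verification consumes the code, so a
  // replay is rejected, and repeated wrong guesses lock the session.
  verifyOnce(sessionId: string, code: string): VerifyResult {
    const entry = this.pending.get(sessionId);
    if (!entry) return "mismatch";
    if (entry.consumed) return "replayed";
    if (this.now() > entry.expiresAt) {
      this.pending.delete(sessionId);
      return "expired";
    }
    if (entry.attempts >= MAX_ATTEMPTS) return "locked";
    if (!timingSafeEqual(entry.digest, digestOf(code))) {
      entry.attempts += 1;
      return "mismatch";
    }
    entry.consumed = true; // flip the state before reporting success
    return "ok";
  }
}

// Present the same code twice to each verifier and return both outcome sequences.
function demonstrateReplay(): { replayable: VerifyResult[]; once: VerifyResult[] } {
  const store = new BootstrapCodeStore();
  const codeA = store.issue("session-A"); // constructed session ids
  const codeB = store.issue("session-B");
  return {
    replayable: [store.verifyReplayable("session-A", codeA), store.verifyReplayable("session-A", codeA)],
    once: [store.verifyOnce("session-B", codeB), store.verifyOnce("session-B", codeB)],
  };
}
```

demonstrateReplay() returns ["ok", "ok"] for the replayable verifier and ["ok", "replayed"] for the single-use one. In a real service the consume step must be atomic against the backing store (a conditional update or a delete-and-check), since the in-memory Map here only avoids races because Node runs it on a single thread; the "replayed" and "locked" outcomes are also the events worth logging when monitoring pairing activity.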
CVE-2026-32987 is a critical vulnerability in all OpenClaw versions before 2026.3.13 that allows attackers to replay bootstrap codes during device pairing, leading to privilege escalation to operator.admin.
You are affected if you are running any OpenClaw version earlier than 2026.3.13. Check your version immediately and upgrade if necessary.
Upgrade OpenClaw to version 2026.3.13 or later to resolve this vulnerability. If immediate upgrade is not possible, implement stricter controls around bootstrap code verification.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation.
Refer to the official OpenClaw security advisories on their website or GitHub repository for the latest information and updates regarding CVE-2026-32987.