Platform: nodejs
Component: openclaw
Fixed in: 2026.3.12
CVE-2026-33575 is a high-severity vulnerability affecting OpenClaw versions prior to 2026.3.12. This vulnerability involves the insecure handling of shared gateway credentials, which are embedded directly within pairing setup codes generated by the /pair endpoint and OpenClaw qr command. Attackers who gain access to these codes, potentially through chat history, logs, or screenshots, can recover and reuse the credentials, bypassing the intended one-time pairing flow.
The primary impact of CVE-2026-33575 is the potential for unauthorized access to OpenClaw instances. An attacker possessing a leaked pairing setup code can effectively impersonate a legitimate user and gain control of the system. This could lead to data breaches, manipulation of system configurations, or even complete compromise of the OpenClaw server. The long-lived nature of the embedded credentials means that a single compromised code could be exploited repeatedly, significantly increasing the attack surface. The blast radius extends to any user whose pairing code has been exposed, making secure communication channels and careful log management crucial.
CVE-2026-33575 was publicly disclosed on 2026-03-29. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept code is not yet available, but the vulnerability's nature makes it likely that such code will emerge. The relatively recent disclosure suggests a low to medium probability of exploitation in the near term.
Exploit Status
EPSS: 0.04% (14th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-33575 is to immediately upgrade OpenClaw to version 2026.3.12 or later, which addresses the credential embedding issue. If an immediate upgrade is not feasible, consider temporarily disabling the /pair endpoint or the OpenClaw qr command to prevent new pairing codes from being generated. Thoroughly review chat logs, system logs, and any other potential sources where pairing codes might have been exposed. Implement stricter access controls to prevent unauthorized access to these logs. There are no specific WAF rules or detection signatures available at this time, but monitoring for unusual authentication attempts and reviewing pairing code generation patterns can help identify potential exploitation.
Update OpenClaw to version 2026.3.12 or later. This corrects the vulnerability that exposes long-lived credentials in pairing setup codes.
CVE-2026-33575 is a high-severity vulnerability in OpenClaw versions 0.0 - 2026.3.12 where pairing setup codes embed long-lived gateway credentials, allowing attackers to reuse them.
If you are running OpenClaw versions 0.0 to 2026.3.12, you are potentially affected. Check your version and upgrade immediately.
Upgrade OpenClaw to version 2026.3.12 or later to resolve the vulnerability. Consider disabling the /pair endpoint as a temporary measure.
There is currently no confirmed active exploitation, but the vulnerability's nature suggests a potential for future attacks.
Refer to the official OpenClaw security advisory for detailed information and updates: [Replace with actual advisory URL when available]