
CVE-2026-33579: OpenClaw Privilege Escalation Vulnerability

Platform

nodejs

Component

openclaw

Fixed in

2026.3.28

CVE-2026-33579 describes a privilege escalation vulnerability affecting OpenClaw. The flaw allows a user who holds device pairing privileges, but not admin privileges, to approve device requests that escalate their own permissions to include admin access. The root cause is missing caller-scope validation in the `/pair approve` command path: the approval step does not check that the caller already holds every scope the approved request would grant. OpenClaw versions 0 through 2026.3.28 are affected. Version 2026.3.28 contains the fix for this vulnerability.
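To make the missing check concrete, the following is an added illustration written for this page; it is not OpenClaw's code, and the function names, scope names and request shapes are assumptions. It shows an approval handler that only verifies the caller may pair (the vulnerable shape described above) next to one that also refuses any request whose scopes exceed the caller's own.

```javascript
// Added illustration (not OpenClaw's code): a pairing-approval handler
// with and without caller-scope validation. Scope names, the request
// store and the caller/request shapes are assumptions for this example.

const SCOPE_PAIRING = "pairing";
const SCOPE_ADMIN = "admin";

// Pending device requests, constructed for the example. Each request
// lists the scopes the device would receive once approved.
function makePendingRequests() {
  return new Map([
    ["req-1", { device: "laptop-01", scopes: [SCOPE_PAIRING] }],
    ["req-2", { device: "laptop-02", scopes: [SCOPE_PAIRING, SCOPE_ADMIN] }],
  ]);
}

// Vulnerable shape: checks only that the caller may pair, never whether
// the caller already holds every scope the request would grant.
function approveVulnerable(caller, requestId, pending) {
  if (!caller.scopes.includes(SCOPE_PAIRING)) {
    return { ok: false, reason: "caller lacks pairing scope" };
  }
  const req = pending.get(requestId);
  if (!req) return { ok: false, reason: "unknown request" };
  pending.delete(requestId);
  return { ok: true, granted: req.scopes };
}

// Hardened shape: a caller may only approve requests whose scopes are a
// subset of the caller's own, so a pairing-only caller cannot hand out admin.
function approveHardened(caller, requestId, pending) {
  if (!caller.scopes.includes(SCOPE_PAIRING)) {
    return { ok: false, reason: "caller lacks pairing scope" };
  }
  const req = pending.get(requestId);
  if (!req) return { ok: false, reason: "unknown request" };
  const callerScopes = new Set(caller.scopes);
  const escalating = req.scopes.filter((s) => !callerScopes.has(s));
  if (escalating.length > 0) {
    return {
      ok: false,
      reason: `request grants scopes the caller lacks: ${escalating.join(", ")}`,
    };
  }
  pending.delete(requestId);
  return { ok: true, granted: req.scopes };
}

// Demonstration: a pairing-only caller approves the request that carries admin.
// The vulnerable handler grants it; the hardened handler refuses.
function demo() {
  const pairingOnly = { name: "operator", scopes: [SCOPE_PAIRING] };
  const before = approveVulnerable(pairingOnly, "req-2", makePendingRequests());
  const after = approveHardened(pairingOnly, "req-2", makePendingRequests());
  return { before, after };
}

console.log(JSON.stringify(demo(), null, 2));
```

The subset check is the whole fix: approval authority is bounded by what the approver already holds, so an approval path can never mint a scope its caller does not have. Logging the refused approvals (the `reason` string above) also gives a cheap detection signal for attempts against an unpatched path.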

How to fix

Update OpenClaw to version 2026.3.28 or later to mitigate the privilege escalation vulnerability. The update adds the missing caller-scope validation to the device approval process, preventing users with pairing privileges from exploiting the flaw to obtain administrative access.

Frequently asked questions

What is the CVE-2026-33579 vulnerability?

CVE-2026-33579 is a privilege escalation vulnerability in OpenClaw that allows users with pairing privileges to gain unauthorized admin access.

Am I affected by CVE-2026-33579?

You are affected if you are using OpenClaw versions 0 through 2026.3.28. Deployments in which non-admin users hold device pairing privileges are particularly at risk.

How do I fix CVE-2026-33579?

Upgrade your OpenClaw installation to version 2026.3.28 or later. This version includes the necessary fix to prevent privilege escalation.
