Time-of-check Time-of-use (TOCTOU) Race Condition in OpenClaw - #VU132717


Published: May 29, 2026


Vulnerability identifier: #VU132717
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-367
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to obtain broader node authority than intended.

The vulnerability exists due to a time-of-check time-of-use race condition in the node pairing reconnection feature: a node's pairing state is checked at one point and relied on later, when a paired or reconnecting node session is established. A remote user who can drive pairing state transitions in the window between the check and the use can obtain broader node authority than intended.

Only instances with the affected feature enabled and reachable by the attacker are vulnerable. Practical impact depends on operator configuration and on whether lower-trust input can reach the affected code path.
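The check-then-use pattern described above, as an added illustration that is not OpenClaw's code and makes no claim about its internals. The pairing store, the PENDING/PAIRED/REVOKED states, the scope names and the two handler classes are all hypothetical. The vulnerable handler validates the pairing at the start of a reconnect and grants a session from that snapshot later; a scope downgrade that lands in between is never noticed. The hardened handler binds the reconnect ticket to a generation counter and re-validates under the same lock at time of use.

```python
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
import threading


class PairState(Enum):
    PENDING = "pending"
    PAIRED = "paired"
    REVOKED = "revoked"


@dataclass
class PairingRecord:
    node_id: str
    state: PairState
    scopes: frozenset[str]
    generation: int = 0  # bumped on every transition; consumed by the hardened path


@dataclass(frozen=True)
class Session:
    node_id: str
    scopes: frozenset[str]


class PairingStore:
    """Hypothetical in-memory pairing table shared by concurrent request handlers."""

    def __init__(self) -> None:
        self._records: dict[str, PairingRecord] = {}
        self.lock = threading.Lock()

    def add(self, rec: PairingRecord) -> None:
        self._records[rec.node_id] = rec

    def get(self, node_id: str) -> PairingRecord:
        return self._records[node_id]

    def transition(self, node_id: str, state: PairState,
                   scopes: frozenset[str] | None = None) -> None:
        """Operator- or peer-driven state change (revoke, downgrade scopes, ...)."""
        with self.lock:
            rec = self._records[node_id]
            rec.state = state
            if scopes is not None:
                rec.scopes = scopes
            rec.generation += 1


class VulnerableReconnect:
    """Check at begin(), act at complete(); nothing ties the two together."""

    def __init__(self, store: PairingStore) -> None:
        self.store = store

    def begin(self, node_id: str) -> dict:
        rec = self.store.get(node_id)                      # time of check
        if rec.state is not PairState.PAIRED:
            raise PermissionError("node is not paired")
        return {"node_id": node_id, "scopes": rec.scopes}  # snapshot that goes stale

    def complete(self, ticket: dict) -> Session:
        # time of use: authority granted from the snapshot, no re-validation
        return Session(ticket["node_id"], ticket["scopes"])


class HardenedReconnect:
    """Ticket records the generation seen at check; use re-validates under the lock."""

    def __init__(self, store: PairingStore) -> None:
        self.store = store

    def begin(self, node_id: str) -> dict:
        with self.store.lock:
            rec = self.store.get(node_id)
            if rec.state is not PairState.PAIRED:
                raise PermissionError("node is not paired")
            return {"node_id": node_id, "generation": rec.generation}

    def complete(self, ticket: dict) -> Session:
        with self.store.lock:
            rec = self.store.get(ticket["node_id"])
            if rec.state is not PairState.PAIRED or rec.generation != ticket["generation"]:
                raise PermissionError("pairing state changed between check and use")
            return Session(rec.node_id, rec.scopes)  # scopes read at time of use


def run_race(handler_cls) -> Session | None:
    """Deterministic interleaving of a constructed scenario: node 'n1' is PAIRED
    with {read, exec}; while its reconnect is in flight the operator downgrades it
    to {read}. Returns the session the handler issued, or None if it refused."""
    store = PairingStore()
    store.add(PairingRecord("n1", PairState.PAIRED, frozenset({"read", "exec"})))
    handler = handler_cls(store)
    ticket = handler.begin("n1")                                   # check
    store.transition("n1", PairState.PAIRED, frozenset({"read"}))  # racing request wins
    try:
        return handler.complete(ticket)                            # use
    except PermissionError:
        return None


if __name__ == "__main__":
    print("vulnerable:", run_race(VulnerableReconnect))  # still holds 'exec'
    print("hardened:  ", run_race(HardenedReconnect))    # None: reconnect refused
```

The generation counter is what closes the window: any transition, including one that leaves the state PAIRED but narrows scopes, invalidates every ticket issued before it, so the authority granted can never exceed what the pairing record holds at the moment of use.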


Remediation

Install the security update from the vendor's website.
