Improper access control in OpenClaw - #VU132749
Published: May 29, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to retain or restore device scopes broader than intended.
The vulnerability exists due to improper access control in the device re-pairing feature when processing a re-pairing request with an empty scope set. A remote user can send a crafted device re-pairing request to retain or restore device scopes broader than intended.
Only configurations with the affected feature enabled and reachable are vulnerable.
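One way a flaw of this class can arise, and a stricter handler, shown as an added example: this is a generic sketch, not OpenClaw's code, and the record shape, function names and scope names are hypothetical. It assumes the flawed handler reads an empty scope list as "nothing specified" and falls back to the scopes already stored for the device.

```javascript
// Constructed sample record: a device paired earlier with broad scopes.
const SAMPLE_DEVICE = { deviceId: "dev-1", scopes: ["read", "write", "admin"] };

// Flawed pattern (hypothetical): an empty requested scope list is treated
// as "not specified", so the handler keeps whatever the device held before.
function repairFlawed(record, requestedScopes) {
  const scopes =
    requestedScopes && requestedScopes.length > 0
      ? requestedScopes
      : record.scopes; // fallback is the access-control gap
  return { ...record, scopes: [...scopes] };
}

// Hardened pattern: the request is the only source of scopes. An empty
// list means no scopes, and every requested scope must be allowed by the
// policy in force at re-pairing time (allowedNow), not by the old record.
function repairHardened(record, requestedScopes, allowedNow) {
  if (!Array.isArray(requestedScopes)) {
    throw new TypeError("scopes must be an explicit array");
  }
  const allowed = new Set(allowedNow);
  const denied = requestedScopes.filter((s) => !allowed.has(s));
  if (denied.length > 0) {
    throw new Error("scopes not permitted: " + denied.join(","));
  }
  // De-duplicate and store exactly what was requested and approved.
  return { ...record, scopes: [...new Set(requestedScopes)] };
}

// Audit helper: scopes a re-paired record holds beyond what was requested.
// Useful as a regression check or when reviewing stored pairing records.
function excessScopes(repairedRecord, requestedScopes) {
  const requested = new Set(requestedScopes);
  return repairedRecord.scopes.filter((s) => !requested.has(s));
}
```

Running `excessScopes` over the result of a re-pair with an empty request gives a direct regression check: any non-empty result means scopes were carried over from the old record.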