Six CWE-863 Vulnerabilities in OpenClaw's Device Pairing Subsystem
In the device pairing subsystem of OpenClaw, a popular AI agent with 348,000 stars on GitHub, six CWE-863 vulnerabilities (Incorrect Authorization) were uncovered over six weeks. The latest, CVE-2026-33579 with CVSS 8.6, was fixed in release 2026.3.28 on March 29. All defects stem from a lack of verification of the authorized subject's permissions when approving new devices.
The device pairing module fails to validate the caller's privileges before executing operations. This enables privilege escalation without additional safeguards.
Details of CVE-2026-33579 and Its Predecessors
In CVE-2026-33579, the /pair approve command didn't pass the user's permission context to the authorization check. A user with the operator.pairing role could initiate device pairing requesting operator.admin privileges, then approve it themselves. This resulted in elevated privileges.
The prior vulnerability, CVE-2026-32922 (CVSS 9.9), exploited the token rotation endpoint to bypass permission checks. The patch came in version 2026.3.11, but without upgrading to 2026.3.28, systems stayed vulnerable to fresh attacks.
Scale of the Problem in Production
February SecurityScorecard scans showed over 135,000 OpenClaw instances publicly accessible, with 63% lacking any authentication. By March, Censys reported a drop to 63,000, but that's still a major vector for mass exploitation.
On unauthenticated instances, any attacker can execute pairing and trigger escalation. The absence of basic protections heightens risks for deployed systems.
- Exposure Scale: 135k+ public instances in February.
- Unauthenticated Share: 63%.
- Trend: Drop to 63k by March.
- Risks: Full access to device pairing with no barriers.
Patches Don't Solve the Root Problem
Each of the six patches addressed a specific code path, but the authorization model in device pairing went unchanged. No evidence of a comprehensive architectural audit for the subsystem. Researchers expect new CVEs soon.
OpenClaw developers recommend:
- Updating to 2026.3.28.
- Enabling authentication on all instances.
- Monitoring the project's security feed.
Key Takeaways
- Six CWE-863 vulnerabilities in OpenClaw device pairing over 6 weeks, latest CVSS 8.6.
- Root cause: missing permission validation in
/pair approveand similar endpoints. - 63k+ public instances without auth—a ready exploitation vector.
- Patches treat symptoms; authorization architecture needs a redesign.
- Mandatory updates and hardening for production deployments.
— Editorial Team
No comments yet.