Description
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in the pairing setup codes generated by the /pair endpoint and the OpenClaw qr command. Attackers with access to setup codes leaked through chat history, logs, or screenshots can recover and reuse the shared gateway credential outside the intended one-time pairing flow.
Published: 2026-03-29
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Credential Exposure
Action: Immediate Patch
AI Analysis

Impact

OpenClaw releases before 2026.3.12 embed long-lived shared gateway credentials directly into pairing setup codes generated by the /pair endpoint and the qr command. When these codes are shared through chat history, logs, or screenshots, an attacker can recover and reuse the shared gateway credential beyond the intended one-time pairing flow. The compromised credential grants unauthorized access to the gateway, potentially allowing an attacker to intercept, manipulate, or take complete control of network traffic and connected devices. This vulnerability is categorized as CWE-522, an information-exposure weakness.

Affected Systems

The affected systems are deployments of OpenClaw, specifically any installation using a version earlier than 2026.3.12. The issue manifests in all OpenClaw platforms that generate pairing codes via the /pair endpoint or the qr command.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity, while no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is an attacker obtaining a leaked pairing code from user-facing channels such as chat, logs, or screenshots; from that, the attacker can extract the shared gateway credential and reuse it. Given the possibility of code leakage, the risk remains high if systems are exposed to social or logging channels.

Generated by OpenCVE AI on March 29, 2026 at 15:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.12 or later.


Tracking


Advisories

No advisories yet.

History

Mon, 30 Mar 2026 15:15:00 +0000

Type: Metrics
Values removed: (none)
Values added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 29 Mar 2026 13:15:00 +0000

Values removed: (none). Values added, by type:

Description: OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outside the intended one-time pairing flow.

Title: OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes

First Time appeared: Openclaw; Openclaw openclaw

Weaknesses: CWE-522

CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Vendors & Products: Openclaw; Openclaw openclaw

References: (none listed)

Metrics:
  cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
  cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Openclaw Openclaw
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T14:52:09.276Z

Reserved: 2026-03-23T11:00:48.408Z

Link: CVE-2026-33575

Vulnrichment

Updated: 2026-03-30T12:50:17.827Z

NVD

Status : Analyzed

Published: 2026-03-29T13:17:03.370

Modified: 2026-03-30T15:51:26.870

Link: CVE-2026-33575

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T06:58:10Z

Weaknesses