Impact
OpenClaw versions prior to 2026.4.25 contain a scope containment bypass in the device re‑pairing process. The flaw allows an authenticated operator to submit re‑pairing requests with empty scope sets, which the application accepts and uses to grant broader access than originally intended. The result is an authorization bypass that can lead to unauthorized device access or privilege elevation within the system.
Affected Systems
The affected product is OpenClaw OpenClaw. Versions before 2026.4.25 are vulnerable. No specific version numbers beyond that are listed.
Risk and Exploitability
The CVSS score of 2.3 indicates low severity. The EPSS score of less than 1% suggests that the exploitation probability is very low. The vulnerability is not listed in the CISA KEV catalog, further indicating limited current exploitation. Because the flaw requires the attacker to be an authenticated operator, the attack vector is limited to internal users or compromised accounts. Exploitation would involve sending a re‑pairing request containing an empty scope set to bypass containment checks and gain broader device access.
OpenCVE Enrichment
Github GHSA