Impact
OpenClaw versions prior to 2026.5.12 suffer a bootstrap token replay flaw. A caller that owns a pending bootstrap token can replay the same token with a different, broader scope before the server approves it. This allows the attacker to gain pairing authority that exceeds the limits originally intended for that token, effectively elevating privileges. The vulnerability is mapped to credential management and replay weaknesses (CWE‑266 and CWE‑345).
Affected Systems
The affected product is OpenClaw, open‑source platform for secure pairing, in all releases before 2026.5.12. No other version or build information is supplied beyond the stated cutoff.
Risk and Exploitability
The flaw carries a CVSS score of 2.3, classifying it as low severity, and its EPSS score is under 1 %, indicating a very low likelihood of exploitation. It is not listed in the CISA KEV catalog. Exploitation requires possession of a pending bootstrap token; the attacker can replay that token before approval to widen the requested scope. The attack vector appears to be internal or local to the system that issues bootstrap tokens, as the advisory does not describe remote access requirements. Because the exploit relies on manipulating token data, it is likely limited to parties with access to the token issuance or transmission process.
OpenCVE Enrichment
Github GHSA