GHSA-XR4F-MJXJ-W6W5

Vulnerability from github – Published: 2026-07-02 16:55 – Updated: 2026-07-02 16:55
VLAI
Summary
OpenClaw: Non-owner chat senders could issue device-pairing bootstrap codes
Details

Summary

The bundled device-pair plugin exposed /pair on normal chat command surfaces. In affected releases, authorized non-owner chat senders could issue device-pairing bootstrap codes without having owner, admin, or pairing scope.

This issue does not affect unauthenticated users. The caller must already be allowed to send commands to the agent through a configured chat channel.

Affected configurations

This affects deployments where the bundled device-pair plugin is enabled and a non-owner sender is authorized to use normal chat commands, such as in a configured Telegram, Discord, or Slack agent.

Impact

A non-owner authorized sender could create a setup code and use it before expiry to enroll a device with operator/node capabilities. That device would then retain persistent credentials until removed.

Patched Versions

The first stable patched version is 2026.5.4.

Mitigations

Upgrade to openclaw@2026.5.4 or later. Review paired devices and remove any unexpected entries. In shared chat channels, keep command access limited to users who should be allowed to manage device pairing.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-02T16:55:09Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nThe bundled device-pair plugin exposed `/pair` on normal chat command surfaces. In affected releases, authorized non-owner chat senders could issue device-pairing bootstrap codes without having owner, admin, or pairing scope.\n\nThis issue does not affect unauthenticated users. The caller must already be allowed to send commands to the agent through a configured chat channel.\n\n### Affected configurations\n\nThis affects deployments where the bundled device-pair plugin is enabled and a non-owner sender is authorized to use normal chat commands, such as in a configured Telegram, Discord, or Slack agent.\n\n### Impact\n\nA non-owner authorized sender could create a setup code and use it before expiry to enroll a device with operator/node capabilities. That device would then retain persistent credentials until removed.\n\n### Patched Versions\n\nThe first stable patched version is `2026.5.4`.\n\n### Mitigations\n\nUpgrade to `openclaw@2026.5.4` or later. Review paired devices and remove any unexpected entries. In shared chat channels, keep command access limited to users who should be allowed to manage device pairing.",
  "id": "GHSA-xr4f-mjxj-w6w5",
  "modified": "2026-07-02T16:55:09Z",
  "published": "2026-07-02T16:55:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xr4f-mjxj-w6w5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenClaw: Non-owner chat senders could issue device-pairing bootstrap codes"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…