PT-2026-28462 · Openclaw · Openclaw
Tdjackey
·
Publicado
2026-03-29
·
Atualizado
2026-03-30
·
CVE-2026-32987
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.13
Description
The software contains a flaw where bootstrap setup codes can be replayed during device pairing verification within the
src/infra/device-bootstrap.ts component. An attacker can repeatedly verify a valid bootstrap code before approval, potentially escalating pending pairing scopes to operator.admin privileges.Recommendations
Update to version 2026.3.13 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openclaw