PT-2026-30776 · Npm · Openclaw

Publicado

2026-03-27

·

Atualizado

2026-03-27

CVSS v4.0

9.4

Crítica

VetorAV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Summary

Gateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reach node RCE

Affected Packages / Versions

  • Package: openclaw
  • Affected versions: <= 2026.3.24
  • First patched version: 2026.3.25
  • Latest published npm version at verification time: 2026.3.24

Details

Silent local shared-auth reconnects could previously auto-approve scope-upgrade requests and widen a paired device from operator.read to operator.admin. Commit 81ebc7e0344fd19c85778e883bad45e2da972229 blocks silent reconnect scope upgrades so widened scopes require an explicit pairing approval instead of an implicit local reconnect path.
Verified vulnerable on tag v2026.3.24 and fixed on main by commit 81ebc7e0344fd19c85778e883bad45e2da972229.

Fix Commit(s)

  • 81ebc7e0344fd19c85778e883bad45e2da972229

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

GHSA-FQW4-MPH7-2VR8

Produtos afetados

Openclaw