Hinotobi

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.20 **Description** An improper authorization issue exists in paired-device pairing management. This allows sessions with limited scope to enumerate and act on pairing requests. Attackers with paired-device access can approve or operate on unrelated pending device requests within the same gateway scope. **Recommendations** Update to version 2026.4.20.