Openclaw · Openclaw · CVE-2026-33575
**Name of the Vulnerable Software and Affected Versions**
OpenClaw versions prior to 2026.3.12
**Description**
The software embeds long-lived shared gateway credentials directly within pairing setup codes. These codes are generated by the `/pair` API endpoint and the `OpenClaw qr` command. If setup codes are leaked through chat history, logs, or screenshots, attackers can recover and reuse the credentials outside the intended one-time pairing process.
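The sketch below is an added example contrasting a setup code that carries the long-lived gateway credential with one that carries only a short-lived, single-use ticket. It is not OpenClaw code and does not describe the actual change in 2026.3.12. The code format, `PairingTickets`, the TTL, the URL and the secret are all hypothetical or constructed.

```javascript
// Added illustration, not OpenClaw code. Names, format and values are hypothetical.
const { randomBytes, createHash } = require("node:crypto");

const GATEWAY_SECRET = "constructed-long-lived-shared-secret"; // constructed sample

const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const decode = (code) => JSON.parse(Buffer.from(code, "base64url").toString());
const sha256 = (s) => createHash("sha256").update(s).digest("hex");

// Flawed pattern: the setup code is only an encoding of the shared secret, so
// any copy of it (chat history, log line, screenshot) is the credential itself.
function flawedSetupCode(gatewayUrl) {
  return encode({ url: gatewayUrl, token: GATEWAY_SECRET });
}

// Hardened pattern: the code carries a random ticket that expires quickly and
// can be redeemed once. A leaked copy is useless after pairing or after expiry.
class PairingTickets {
  constructor(ttlMs = 5 * 60 * 1000) {
    this.ttlMs = ttlMs;
    this.pending = new Map(); // sha256(ticket) -> expiry time in ms
  }

  issue(gatewayUrl, now = Date.now()) {
    const ticket = randomBytes(32).toString("base64url");
    this.pending.set(sha256(ticket), now + this.ttlMs); // store only the hash
    return encode({ url: gatewayUrl, ticket });
  }

  // Returns a fresh per-device credential, or null for replayed, expired,
  // unknown or malformed codes.
  redeem(setupCode, now = Date.now()) {
    let ticket;
    try {
      ticket = decode(setupCode).ticket;
    } catch {
      return null;
    }
    if (typeof ticket !== "string") return null;
    const key = sha256(ticket);
    const expiry = this.pending.get(key);
    this.pending.delete(key); // consume on first presentation
    if (expiry === undefined || now > expiry) return null;
    return { deviceToken: randomBytes(32).toString("base64url") }; // revocable per device
  }
}
```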
**Recommendations**
Update to version 2026.3.12 or later.