PT-2026-26743 · Openclaw · Openclaw

Tdjackey · Published 2026-03-04 · Updated 2026-03-21 · CVE-2026-32067

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.2.26

Description

OpenClaw is affected by an authorization bypass issue in the pairing-store access control for the direct message pairing policy. This allows attackers to reuse pairing approvals across multiple accounts. Specifically, in multi-account deployments, an attacker approved as a sender in one account can be automatically accepted in another account without explicit approval, bypassing authorization boundaries.

Recommendations

Update OpenClaw to version 2026.2.26 or later.
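
A simplified model of the flaw described above, added here as an illustration and not taken from OpenClaw's code: the class, the function names, the identifiers and the store's key layout are all assumptions. It contrasts a pairing lookup that ignores the receiving account with one scoped to it, which is the property to verify after upgrading a multi-account deployment.

```javascript
// Simplified model of a DM pairing store (hypothetical names; not OpenClaw code).
// An approval records that `senderId` may message the account `accountId`.
class PairingStore {
  constructor({ scopeByAccount }) {
    this.scopeByAccount = scopeByAccount;
    this.approved = new Set();
  }

  // JSON-encode the tuple so IDs containing a separator cannot collide.
  key(accountId, channel, senderId) {
    return this.scopeByAccount
      ? JSON.stringify([accountId, channel, senderId])
      : JSON.stringify([channel, senderId]); // flawed: account is not part of the key
  }

  approve(accountId, channel, senderId) {
    this.approved.add(this.key(accountId, channel, senderId));
  }

  isApproved(accountId, channel, senderId) {
    return this.approved.has(this.key(accountId, channel, senderId));
  }
}

// Policy decision for an inbound direct message under a pairing policy.
function admitDirectMessage(store, accountId, channel, senderId) {
  return store.isApproved(accountId, channel, senderId)
    ? "accept"
    : "require-pairing";
}

// Constructed scenario: two accounts in one deployment, one approval in account-a.
function scenario(scopeByAccount) {
  const store = new PairingStore({ scopeByAccount });
  store.approve("account-a", "example-channel", "sender-123");
  return {
    accountA: admitDirectMessage(store, "account-a", "example-channel", "sender-123"),
    accountB: admitDirectMessage(store, "account-b", "example-channel", "sender-123"),
  };
}

console.log("unscoped store:", scenario(false)); // account-b inherits the approval
console.log("scoped store:  ", scenario(true));  // account-b asks for its own pairing
```
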

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2026-32067
GHSA-VJP8-WPRM-2JW9
GHSA-VMVW-PWWF-CC2W

Affected Products

Openclaw