openclaw versions <= 2026.3.12 allowed bootstrap setup codes to be replayed before approval, which could widen the scopes on a pending device pairing request.

The vulnerable path was bootstrap token verification in src/infra/device-bootstrap.ts. In affected releases, a valid bootstrap setup code could be verified more than once before the pairing request was approved. That allowed a second verification attempt to mutate a pending device pairing and request broader scopes, including escalation from a lower operator scope to operator.admin, before an approver finalized the pairing.

This issue is in scope under OpenClaw's trust model because bootstrap setup codes are an authentication primitive for device pairing and the replay changed the privileges granted to the pending device.

openclaw@2026.3.13 makes bootstrap setup codes single-use. Current code consumes the bootstrap token record on the first successful verification, so replay attempts fail before pending scopes can be widened.

Regression coverage exists in src/infra/device-pairing.test.ts (rejects bootstrap token replay before pending scope escalation can be approved).

Thanks @tdjackey for reporting.