A paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope ceiling.

This is a same-gateway paired-device authorization bug, not a remote unauthenticated issue. Severity is low.

Pairing management actions are now limited to the caller device, so non-admin paired-device sessions cannot approve or operate on unrelated pending device requests.

Fix commit:

Fixed in OpenClaw 2026.4.20.