CVE-2026-33577 HIGH

CVE-2026-33577: OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve

Vendor Openclaw
Product OpenClaw
Weakness CWE-863 · Incorrect authorization
Published March 31, 2026
Last update April 2, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path (node.pair.approve) that allows low-privilege operators to approve nodes with scopes broader than their own. Because node-pairing.ts does not validate the caller's callerScopes against the scopes being approved, an attacker holding a low-privilege operator account can extend privileges onto paired nodes beyond their own authorization level.
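The following is an added illustration of the CWE-863 check the description implies, not OpenClaw's code: all type names, the `approveUnchecked` / `approveWithScopeCheck` functions and the sample scope strings are hypothetical. It contrasts an approval path that trusts the requested scopes with one that grants only scopes the approving caller itself holds.

```typescript
// Hypothetical types; not OpenClaw's own. Scopes are treated as opaque strings.
type Scope = string;

interface Caller {
  operatorId: string;
  // Optional on purpose: a missing callerScopes must be treated as "no scopes",
  // never as "unrestricted".
  callerScopes?: Scope[];
}

interface PairingRequest {
  nodeId: string;
  requestedScopes: Scope[];
}

type ApprovalResult =
  | { ok: true; nodeId: string; grantedScopes: Scope[] }
  | { ok: false; nodeId: string; reason: string; excessScopes: Scope[] };

// Vulnerable shape: the requested scopes are granted without being compared
// to what the approving caller is authorized to delegate.
export function approveUnchecked(_caller: Caller, req: PairingRequest): ApprovalResult {
  return { ok: true, nodeId: req.nodeId, grantedScopes: [...new Set(req.requestedScopes)] };
}

// Hardened shape: every requested scope must be held by the caller. A denial
// returns the excess scopes so the event can be logged and alerted on.
export function approveWithScopeCheck(caller: Caller, req: PairingRequest): ApprovalResult {
  const held = new Set(caller.callerScopes ?? []);
  const excess = [...new Set(req.requestedScopes)].filter((s) => !held.has(s));
  if (excess.length > 0) {
    return {
      ok: false,
      nodeId: req.nodeId,
      reason: `operator ${caller.operatorId} is not authorized to grant all requested scopes`,
      excessScopes: excess,
    };
  }
  return { ok: true, nodeId: req.nodeId, grantedScopes: [...held].filter((s) => req.requestedScopes.includes(s)) };
}
```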

Key dates

02 Disclosure timeline

March 31, 2026 CVE published
April 2, 2026 Record updated