CVE-2026-33579 affects all OpenClaw versions prior to 2026.3.28. The flaw exists in the /pair approve command path, where the system failed to properly forward caller scopes into the core approval check. Users with only pairing privileges could approve pending device requests for broader scopes, including operator.admin access—potentially enabling full system takeover. VulnCheck assigned the <a href="/news/2026-04-04-openclaw-privilege-escalation-vulnerability-cve-2026-33579">vulnerability</a> a CVSS v4 score of 9.4. Credit for discovery goes to AntAISecurityLab.
OpenClaw creator steipete clarified on Hacker News that exploitation requires the attacker to already possess gateway access and command permissions. This makes it a <a href="/news/2026-04-04-openclaw-privilege-escalation-vulnerability-cve-2026-33579">privilege escalation issue</a> rather than remote code execution. The practical risk remains low for single-user personal assistant setups. Version 2026.3.28 patches the vulnerability by ensuring caller scopes are properly forwarded during the approval process.
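To make the bug class concrete, here is a small illustrative model of an approval path that drops caller scopes, beside the corrected path that forwards them. This is an added example, not OpenClaw's code; the scope name `pairing.approve`, the function names and the sample identities are assumptions, and only `operator.admin` comes from the advisory.

```typescript
// Illustrative model of the CVE-2026-33579 bug class (not OpenClaw's code).
type Scope = string;

interface Caller { userId: string; scopes: Scope[] }
interface PendingRequest { deviceId: string; requestedScopes: Scope[] }

const ADMIN_SCOPE: Scope = "operator.admin";    // named in the advisory
const PAIRING_SCOPE: Scope = "pairing.approve"; // assumed name for the pairing privilege

// Core approval check. `callerScopes` is the context the vulnerable path never forwarded.
function coreApprove(req: PendingRequest, callerScopes?: Scope[]): boolean {
  if (callerScopes === undefined) {
    // No caller context to compare against: the check cannot bound the grant.
    return true;
  }
  if (callerScopes.includes(ADMIN_SCOPE)) return true;
  // A caller may only grant scopes it holds itself.
  return req.requestedScopes.every((s) => callerScopes.includes(s));
}

// Vulnerable /pair approve path: checks the pairing privilege, then calls the
// core check without the caller's scopes, so any requested scope is granted.
function pairApproveVulnerable(caller: Caller, req: PendingRequest): boolean {
  if (!caller.scopes.includes(PAIRING_SCOPE)) return false;
  return coreApprove(req);
}

// Patched path: forwards the caller's scopes so the core check can enforce
// that the approver is not granting more than it holds.
function pairApproveFixed(caller: Caller, req: PendingRequest): boolean {
  if (!caller.scopes.includes(PAIRING_SCOPE)) return false;
  return coreApprove(req, caller.scopes);
}

// Constructed sample: a pairing-only user approving a device request for operator.admin.
const pairingOnlyUser: Caller = { userId: "u-pairing", scopes: [PAIRING_SCOPE] };
const adminUser: Caller = { userId: "u-admin", scopes: [PAIRING_SCOPE, ADMIN_SCOPE] };
const adminRequest: PendingRequest = { deviceId: "dev-1", requestedScopes: [ADMIN_SCOPE] };
const pairingRequest: PendingRequest = { deviceId: "dev-2", requestedScopes: [PAIRING_SCOPE] };

function demo(): { vulnerable: boolean; fixed: boolean } {
  return {
    vulnerable: pairApproveVulnerable(pairingOnlyUser, adminRequest), // true: escalation
    fixed: pairApproveFixed(pairingOnlyUser, adminRequest),           // false: denied
  };
}
```

The fixed path still lets a caller approve requests for scopes it already holds, which is what the patch preserves while closing the escalation.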
The patch is available now. Organizations running OpenClaw in multi-user or enterprise environments—particularly those using device pairing with scoped access controls—should update to 2026.3.28 or later immediately. No workaround exists for unpatched versions; restricting pairing privileges to trusted users reduces but does not eliminate the risk. OpenClaw maintainers have initiated security audits with Nvidia, ByteDance, Tencent, and OpenAI to strengthen code review processes for future releases.