OpenClaw, the open-source framework for building AI agents that can control devices and execute commands, has patched a critical privilege escalation vulnerability. Tracked as CVE-2026-33579 with a CVSS score of 8.1 (High), the flaw lies in the `/pair approve` command path, where the system fails to forward the caller's scopes into the core approval check. As a result, a user holding only basic pairing privileges can approve pending device requests that ask for broader scopes, including administrative access, because the check never learns what the approver is actually allowed to grant. AntAISecurityLab responsibly reported the vulnerability, which affects all versions prior to 2026.3.28.
OpenClaw creator steipete clarified on Hacker News that this is not a complete authentication bypass. Attackers must already possess gateway access and command-sending permissions to exploit the flaw—a scope-ceiling bypass rather than an external unauthenticated attack. Single-user personal assistants face low practical risk, but multi-user deployments are a different story. Users concerned about the disclosure have pointed to Nanoclaw and Nemoclaw as alternatives.
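The mechanism described above, modelled as an added example (not OpenClaw's own code): an approval handler that checks the caller's entry privilege but drops the caller's scopes before the core check, beside the fixed handler that forwards them. Scope names, record shapes and function names are assumptions, and the caller already holds gateway access and the pairing privilege, matching the preconditions steipete describes.

```typescript
// Added illustration of the CVE-2026-33579 bug class; not OpenClaw's code.
// Scope names, record shapes and function names are assumptions.
type Scope = "pairing" | "read" | "exec" | "admin";

interface PairingRequest {
  deviceId: string;
  requestedScopes: Scope[];
  status: "pending" | "approved" | "denied";
}

interface Caller { id: string; scopes: Scope[]; }

// Core approval check. The ceiling rule (an approver may only grant scopes
// it holds itself) can only run when the caller's scopes are forwarded.
// `undefined` is treated as "no ceiling", which is the vulnerable default.
function coreApprove(req: PairingRequest, callerScopes?: Scope[]): boolean {
  if (req.status !== "pending") return false;
  if (callerScopes !== undefined) {
    const held = callerScopes;
    const exceeds = req.requestedScopes.some(s => !held.includes(s));
    if (exceeds) { req.status = "denied"; return false; }
  }
  req.status = "approved";
  return true;
}

// Vulnerable handler: checks the entry privilege but drops caller scopes.
function approveVulnerable(caller: Caller, req: PairingRequest): boolean {
  if (!caller.scopes.includes("pairing")) return false;
  return coreApprove(req); // caller.scopes never reach the core check
}

// Fixed handler: forwards caller scopes so the ceiling check applies.
function approveFixed(caller: Caller, req: PairingRequest): boolean {
  if (!caller.scopes.includes("pairing")) return false;
  return coreApprove(req, caller.scopes);
}

// Constructed scenario: a pairing-only operator approves an admin request.
function demo(approve: (c: Caller, r: PairingRequest) => boolean): string {
  const operator: Caller = { id: "op-1", scopes: ["pairing", "read"] };
  const req: PairingRequest = {
    deviceId: "dev-42", requestedScopes: ["admin"], status: "pending",
  };
  approve(operator, req);
  return req.status;
}

console.log(demo(approveVulnerable)); // approved
console.log(demo(approveFixed));      // denied
```

A stricter version of the fix also makes `callerScopes` a required parameter of `coreApprove`, so any future caller that forgets to forward them fails to compile instead of silently skipping the ceiling check.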
Version 2026.3.28 is now available and users should upgrade immediately. The patch drew contributions from Nvidia, ByteDance, Tencent, and OpenAI—organizations with significant infrastructure investments in open-source agent frameworks.