<0.1% probability · 12.2th percentile — 2026-05-12
Affected versions
OpenClaw before 2026.3.22
Summary
This vulnerability affects the initial device pairing process for OpenClaw-connected IoT devices. Bootstrap setup codes are not properly bound to their intended device roles and permission scopes, so an attacker who interacts with a device during first-use pairing can escalate privileges and gain unauthorized elevated access.
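To illustrate the bug class described above, here is an added Python example (not OpenClaw's code; the class names, role names and scope strings are hypothetical): a pairing flow in which the setup code only proves possession and the role is taken from the client, beside one in which role and scopes are fixed when the code is issued, the code is single-use and time-limited, and a client request for a wider role fails closed.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class PairingGrant:
    """What a setup code may confer, fixed at issuance (hypothetical structure)."""
    role: str
    scopes: frozenset
    expires_at: float
    used: bool = False


class UnboundPairing:
    """Weak pattern: the code only proves possession; the role comes from the client."""

    def __init__(self):
        self.codes = set()

    def issue(self):
        code = secrets.token_hex(4)
        self.codes.add(code)
        return code

    def redeem(self, code, requested_role):
        if code not in self.codes:
            return None
        return {"role": requested_role}  # nothing stops a client from naming "admin"


class BoundPairing:
    """Hardened pattern: role and scopes are bound to the code at issuance; the code
    is single-use and short-lived, and the client cannot widen the grant."""

    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds
        self.grants = {}

    def issue(self, role, scopes):
        code = secrets.token_urlsafe(16)
        self.grants[code] = PairingGrant(role, frozenset(scopes), time.time() + self.ttl)
        return code

    def redeem(self, code, requested_role=None, now=None):
        now = time.time() if now is None else now
        grant = self.grants.get(code)  # a production store would keep codes hashed at rest
        if grant is None or grant.used or now > grant.expires_at:
            return None
        grant.used = True  # one attempt per code, whether or not it succeeds
        if requested_role is not None and requested_role != grant.role:
            return None  # client tried to widen the grant: fail closed, code is burned
        return {"role": grant.role, "scopes": set(grant.scopes)}
```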
Remediation
Update OpenClaw to version 2026.3.22 or later immediately. For devices that are already paired, re-validate the assigned device roles and reset permissions to remove any unauthorized access. Restrict public access to pairing interfaces until the update has been applied.