- Updated: April 4, 2026
Critical Privilege-Escalation Flaw Discovered in OpenClaw 2026.3.28 (CVE-2026-33579)
The National Vulnerability Database (NVD) has published details on a high-severity vulnerability affecting OpenClaw versions earlier than 2026.3.28. Identified as CVE-2026-33579, the flaw allows unauthorized users to gain elevated privileges through the /pair approve command.
Key facts:
- CVSS v4.0 score: 8.6 (HIGH)
- CVSS v3.1 score: 8.1 (HIGH)
- CWE-863: Incorrect Authorization
- Impact: Privilege escalation that could let attackers execute arbitrary actions with admin rights.
The vulnerability stems from inadequate validation of the approval process for paired devices, enabling a malicious actor to bypass normal authorization checks. Vendors have already released patches, and users are strongly urged to update to OpenClaw 2026.3.28 or later.
For a deeper dive into mitigation steps and related advisories, visit our security hub or read the detailed analysis on the OpenClaw patch notes.
Stay informed and protect your infrastructure – timely updates are the best defense against emerging threats.