Security Advisory

CVE-2026-32067

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-21 00:42:30

Last updated 2026-05-26 11:52:10

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically accepted in another account in multi-account deployments without explicit approval, bypassing authorization boundaries.

← Browse all CVEs View on cve.org ↗