Security Advisory

CVE-2026-33577

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-31 14:10:31

Last updated 2026-04-02 12:57:46

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired nodes beyond their authorization level.

← Browse all CVEs View on cve.org ↗