wid-sec-w-2026-0743 · Published 2026-03-16 · View on BSI CERT-Bund ↗

OpenClaw: Multiple Vulnerabilities

CVSS 9.3 CRITICAL

Risk Summary

OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times before approval to escalate pending pairing scopes, including privilege escalation to operator.admin.

CVEs (2)

CVE-2026-32987 CVE-2026-32982

Affected Vendors

Open Source

Affected Products (2)

Open Source · OpenClaw <2026.3.13

Open Source · OpenClaw 2026.3.13

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more