{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/openclaw--2026.5.4/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["openclaw (\u003c 2026.5.4)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","application","privilege-escalation","persistence","npm"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA significant vulnerability has been identified in the \u003ccode\u003eopenclaw\u003c/code\u003e project, specifically within its bundled device-pair plugin, affecting versions prior to \u003ccode\u003e2026.5.4\u003c/code\u003e. This flaw allows existing, authenticated users who are not designated as owners, administrators, or possessing explicit pairing scope, to exploit the chat agent's \u003ccode\u003e/pair\u003c/code\u003e command endpoint. By sending specific chat commands, these non-owner users can illicitly generate and retrieve device-pairing bootstrap codes. An attacker can then leverage these codes to enroll new devices with full \u0026quot;operator/node capabilities\u0026quot; into the \u003ccode\u003eopenclaw\u003c/code\u003e system. This results in persistent unauthorized access and control over the environment. The issue is critical for deployments where the \u003ccode\u003edevice-pair\u003c/code\u003e plugin is enabled and chat channels (e.g., Telegram, Discord, Slack) are configured to allow non-owner command execution. This vulnerability does not affect unauthenticated users, as it requires prior authorized access to a chat channel.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access (Prerequisite)\u003c/strong\u003e: An attacker gains legitimate, non-owner access to a chat channel (e.g., Telegram, Discord, Slack) that is configured to interact with an \u003ccode\u003eopenclaw\u003c/code\u003e agent.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCommand Execution\u003c/strong\u003e: The attacker sends a chat command to the \u003ccode\u003eopenclaw\u003c/code\u003e agent, specifically targeting the exposed \u003ccode\u003e/pair\u003c/code\u003e command surface.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Exploitation\u003c/strong\u003e: The \u003ccode\u003eopenclaw\u003c/code\u003e agent, due to the vulnerability in versions prior to \u003ccode\u003e2026.5.4\u003c/code\u003e, processes the \u003ccode\u003e/pair\u003c/code\u003e command from the non-owner user, despite their lack of explicit pairing privileges.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBootstrap Code Generation\u003c/strong\u003e: The vulnerable agent generates and issues a device-pairing bootstrap code, transmitting it to the attacker via the chat channel.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDevice Enrollment\u003c/strong\u003e: The attacker uses the acquired bootstrap code before its expiry to enroll a new, unauthorized device with the \u003ccode\u003eopenclaw\u003c/code\u003e system.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Gain \u0026amp; Persistence\u003c/strong\u003e: The newly enrolled device is automatically granted \u0026quot;operator/node capabilities\u0026quot; and establishes \u0026quot;persistent credentials,\u0026quot; effectively escalating the attacker's access and control within the \u003ccode\u003eopenclaw\u003c/code\u003e environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an unauthorized individual, who already has basic chat access, to gain significant control over the \u003ccode\u003eopenclaw\u003c/code\u003e environment. By enrolling devices with operator/node capabilities, the attacker can achieve persistent access, potentially leading to data manipulation, unauthorized operations, or further compromise of integrated systems. This issue primarily impacts organizations using \u003ccode\u003eopenclaw\u003c/code\u003e with chat agent integrations (like Telegram, Discord, or Slack) where the \u003ccode\u003edevice-pair\u003c/code\u003e plugin is enabled and command access is not strictly limited to trusted personnel. The impact is the establishment of a backdoor-like persistence mechanism via the unauthorized enrollment of a new device.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade \u003ccode\u003eopenclaw\u003c/code\u003e to version \u003ccode\u003e2026.5.4\u003c/code\u003e or later to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eReview all currently paired devices within your \u003ccode\u003eopenclaw\u003c/code\u003e deployment and remove any unexpected or unauthorized entries to revoke persistent access gained through this vulnerability.\u003c/li\u003e\n\u003cli\u003eIn shared chat channels where the \u003ccode\u003eopenclaw\u003c/code\u003e agent is configured, limit command access to only those users who are explicitly authorized and trusted to manage device pairing, as outlined in the \u0026quot;Mitigations\u0026quot; section of the advisory.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:02:47Z","date_published":"2026-07-03T12:02:47Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-device-pairing-vulnerability/","summary":"A high-severity vulnerability (affecting OpenClaw versions prior to 2026.5.4) in the bundled device-pair plugin allowed authorized non-owner chat senders to issue device-pairing bootstrap codes, enabling them to enroll devices with operator/node capabilities and gain persistent unauthorized access within the OpenClaw environment.","title":"OpenClaw Device Pairing Vulnerability Allows Unauthorized Device Enrollment","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-device-pairing-vulnerability/"}],"language":"en","title":"CraftedSignal Threat Feed - Openclaw (\u003c 2026.5.4)","version":"https://jsonfeed.org/version/1.1"}