{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/device-pairing/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["replay-attack","privilege-escalation","device-pairing"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw before version 2026.3.13 contains a vulnerability in the device pairing verification process. Specifically, the \u003ccode\u003esrc/infra/device-bootstrap.ts\u003c/code\u003e file allows bootstrap setup codes to be replayed. This means an attacker can repeatedly use the same valid bootstrap code before it is approved, leading to an escalation of pending pairing scopes. The most critical outcome is privilege escalation to the \u003ccode\u003eoperator.admin\u003c/code\u003e level, granting the attacker significant control over the affected system…\u003c/p\u003e\n","date_modified":"2026-03-29T13:17:02Z","date_published":"2026-03-29T13:17:02Z","id":"/briefs/2026-03-openclaw-replay/","summary":"OpenClaw before 2026.3.13 is vulnerable to a replay attack during device pairing verification, allowing attackers to repeatedly verify a bootstrap code and escalate privileges to operator.admin.","title":"OpenClaw Bootstrap Code Replay Vulnerability (CVE-2026-32987)","url":"https://feed.craftedsignal.io/briefs/2026-03-openclaw-replay/"}],"language":"en","title":"CraftedSignal Threat Feed — Device-Pairing","version":"https://jsonfeed.org/version/1.1"}