https://feed.craftedsignal.io/tags/device-pairing/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSun, 29 Mar 2026 13:17:02 +0000https://feed.craftedsignal.io/briefs/2026-03-openclaw-replay/Sun, 29 Mar 2026 13:17:02 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-openclaw-replay/OpenClaw before 2026.3.13 is vulnerable to a replay attack during device pairing verification, allowing attackers to repeatedly verify a bootstrap code and escalate privileges to operator.admin.OpenClaw before version 2026.3.13 contains a vulnerability in the device pairing verification process. Specifically, the src/infra/device-bootstrap.ts file allows bootstrap setup codes to be replayed. This means an attacker can repeatedly use the same valid bootstrap code before it is approved, leading to an escalation of pending pairing scopes. The most critical outcome is privilege escalation to the operator.admin level, granting the attacker significant control over the affected system…

]]>criticaladvisoryreplay-attackprivilege-escalationdevice-pairing