OpenClaw Control UI Pairing Bypass in Older Versions Allows Unauthorized Access
CVE-2026-32057
Summary
Older OpenClaw versions lack proper authentication checks for the Control UI pairing process, allowing a malicious user to gain unauthorized access to certain functions. This affects any organization using OpenClaw versions prior to 2026.2.25. Update to the latest version to fix this issue.
Original title
OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identit...
Original description
OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui client identifier to skip pairing requirements and gain unauthorized access to node event execution flows.
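The weakness class named below (CWE-807, a security decision based on untrusted input) is illustrated here with an added example that is not OpenClaw's code: a pairing gate that skips pairing whenever the client declares client.id=control-ui, beside one that decides only from facts the server established itself. All function and field names (mustPairVulnerable, session.role, deviceVerified, the 'operator' role) are hypothetical.

```javascript
// Vulnerable shape: the skip-pairing decision hinges on a client-controlled field.
function mustPairVulnerable(hello) {
  const declaredId = hello && hello.client && hello.client.id;
  // Any authenticated socket that sends client.id=control-ui skips pairing (CWE-807).
  return declaredId !== 'control-ui';
}

// Hardened shape: `session` holds only what the server established during
// authentication (the role bound to the credential and a device identity the
// server verified). The declared client.id is a label for logging, never evidence.
function mustPairHardened(session, hello) {
  const declaredId = hello && hello.client && hello.client.id;
  const trustedUi = session.role === 'operator' && session.deviceVerified === true;
  const result = { mustPair: !trustedUi, alerts: [] };
  if (declaredId === 'control-ui' && session.role !== 'operator') {
    // Detection hook: a node-role credential presenting the Control UI identifier
    // is the mismatch this advisory describes; surface it for monitoring.
    result.alerts.push(`role=${session.role} declared client.id=control-ui`);
  }
  return result;
}

// Constructed sample inputs (not captured traffic).
const nodeSession = { role: 'node', deviceVerified: false };
const uiSession = { role: 'operator', deviceVerified: true };
const helloClaimingUi = { client: { id: 'control-ui' } };

console.log(mustPairVulnerable(helloClaimingUi));            // false: pairing skipped
console.log(mustPairHardened(nodeSession, helloClaimingUi)); // mustPair true, one alert
console.log(mustPairHardened(uiSession, helloClaimingUi));   // mustPair false, no alert
```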
NVD CVSS 3.1 score: 5.9
NVD CVSS 4.0 score: 6.0
Vulnerability type
CWE-807
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026