Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
3.7
OpenClaw: Approved Senders Can Be Shared Across Accounts
GHSA-vjp8-wprm-2jw9
Summary
OpenClaw, a software tool, has a security issue that allows a sender approved in one account to be accepted in another account without explicit approval in that account. This can happen in multi-account setups. To fix this, the developers have updated OpenClaw to ensure that approvals are account-specific. If you're using OpenClaw, check for updates to the latest version to ensure you have the fix.
What to do
- Update openclaw to version 2026.2.26.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.25 | 2026.2.26 |
Original title
OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access
Original description
### Summary
OpenClaw had account-scope gaps in pairing-store access for DM pairing policy, which could let a pairing approval from one account authorize the same sender on another account in multi-account setups.
### Impact
This is an authorization-boundary weakness in multi-account channel deployments. A sender approved in one account could be accepted in another account before explicit approval there.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published version affected: `2026.2.25`
- Vulnerable range: `<= 2026.2.25`
- Patched version (planned next release): `>= 2026.2.26`
### Fix
OpenClaw now enforces account-scoped pairing reads/writes consistently across core and extension message channels, with stricter runtime/SDK helpers and shared policy wiring to prevent cross-account pairing bleed.
### Fix Commit(s)
- `a0c5e28f3bf0cc0cd9311f9e9ec2ca0352550dcf`
- `bce643a0bd145d3e9cb55400af33bd1b85baeb02`
### Release Process Note
`patched_versions` is pre-set to the planned next release (`2026.2.26`). After npm publish of that version, this advisory is ready to publish without further content edits.
OpenClaw thanks @tdjackey for reporting.
OpenClaw had account-scope gaps in pairing-store access for DM pairing policy, which could let a pairing approval from one account authorize the same sender on another account in multi-account setups.
### Impact
This is an authorization-boundary weakness in multi-account channel deployments. A sender approved in one account could be accepted in another account before explicit approval there.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published version affected: `2026.2.25`
- Vulnerable range: `<= 2026.2.25`
- Patched version (planned next release): `>= 2026.2.26`
### Fix
OpenClaw now enforces account-scoped pairing reads/writes consistently across core and extension message channels, with stricter runtime/SDK helpers and shared policy wiring to prevent cross-account pairing bleed.
### Fix Commit(s)
- `a0c5e28f3bf0cc0cd9311f9e9ec2ca0352550dcf`
- `bce643a0bd145d3e9cb55400af33bd1b85baeb02`
### Release Process Note
`patched_versions` is pre-set to the planned next release (`2026.2.26`). After npm publish of that version, this advisory is ready to publish without further content edits.
OpenClaw thanks @tdjackey for reporting.
ghsa CVSS3.1
3.7
Vulnerability type
CWE-863
Incorrect Authorization
Published: 4 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026