CVE-2026-32067 | THREATINT

Description

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically accepted in another account in multi-account deployments without explicit approval, bypassing authorization boundaries.

PUBLISHED Reserved 2026-03-10 | Published 2026-03-21 | Updated 2026-05-26 | Assigner VulnCheck

LOW: 2.0CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Problem types

CWE-863: Incorrect Authorization

Product status

Default status

unaffected

Any version before 2026.2.26

affected

2026.2.26 (semver)

unaffected

Credits

tdjackey reporter

References

github.com/...enclaw/security/advisories/GHSA-vjp8-wprm-2jw9 (GitHub Security Advisory (GHSA-vjp8-wprm-2jw9)) third-party-advisory

github.com/...ommit/a0c5e28f3bf0cc0cd9311f9e9ec2ca0352550dcf (Patch Commit #1) patch

github.com/...ommit/bce643a0bd145d3e9cb55400af33bd1b85baeb02 (Patch Commit #2) patch

www.vulncheck.com/...uthorization-bypass-in-dm-pairing-store (VulnCheck Advisory: OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store) third-party-advisory

cve.org (CVE-2026-32067)

nvd.nist.gov (CVE-2026-32067)

Download JSON