CVE-2026-42426
Improper Authorization in OpenClaw node.pair.approve Enables Unauthorized Access
Publication date: 2026-04-28
Last updated on: 2026-04-30
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | < 2026.4.8 (2026.4.8 itself not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of CVE-2026-42426 on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-42426 is an improper authorization vulnerability (CWE-863) in OpenClaw versions before 2026.4.8. The node.pair.approve method gates its authorization check on the broad operator.write permission scope instead of the narrower operator.pairing scope that was intended to control pairing approval.
As a result, any operator holding operator.write, who should not be able to approve node pairings, can approve a pending pairing and thereby gain access to nodes that are capable of executing commands.
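The authorization mistake described above, modelled in TypeScript (OpenClaw's implementation language) as an added example. This is not OpenClaw's code: only the method name node.pair.approve and the scope names operator.write and operator.pairing come from the advisory; the types, function names, the extra operator.read scope and the sample callers are assumptions made for illustration.

```typescript
// Added example modelling CVE-2026-42426 (CWE-863). Not OpenClaw's own code:
// the scope strings operator.write and operator.pairing come from the advisory,
// everything else (types, names, operator.read, sample callers) is assumed.

type Scope = "operator.read" | "operator.write" | "operator.pairing";

interface Caller {
  id: string;
  scopes: Scope[];
}

interface NodePairing {
  nodeId: string;
  execCapable: boolean; // node can run commands once paired
  approved: boolean;
}

function hasScope(caller: Caller, needed: Scope): boolean {
  return caller.scopes.includes(needed);
}

// Vulnerable shape (before 2026.4.8, per the advisory): the approval path
// checks the broad operator.write scope, so every writer can approve pairings.
function approvePairingVulnerable(caller: Caller, pairing: NodePairing): NodePairing {
  if (!hasScope(caller, "operator.write")) {
    throw new Error(`authorization failed for ${caller.id}: operator.write required`);
  }
  return { ...pairing, approved: true };
}

// Fixed shape (2026.4.8 and later, per the advisory): the approval path
// checks the narrow operator.pairing scope and nothing else.
function approvePairingFixed(caller: Caller, pairing: NodePairing): NodePairing {
  if (!hasScope(caller, "operator.pairing")) {
    throw new Error(`authorization failed for ${caller.id}: operator.pairing required`);
  }
  return { ...pairing, approved: true };
}

type Approver = (c: Caller, p: NodePairing) => NodePairing;

// Runs one approver against a pending exec-capable node and reports whether
// the caller got the pairing approved (true) or was rejected (false).
function canApprove(check: Approver, caller: Caller): boolean {
  const pending: NodePairing = { nodeId: "node-01", execCapable: true, approved: false };
  try {
    return check(caller, pending).approved;
  } catch {
    return false;
  }
}

// Constructed sample callers: a writer without pairing rights, and a pairing operator.
const writerOnly: Caller = { id: "ops-writer", scopes: ["operator.read", "operator.write"] };
const pairingOperator: Caller = { id: "pairing-admin", scopes: ["operator.read", "operator.pairing"] };

console.log("vulnerable, writer-only caller:", canApprove(approvePairingVulnerable, writerOnly)); // true
console.log("fixed, writer-only caller:     ", canApprove(approvePairingFixed, writerOnly)); // false
console.log("fixed, pairing operator:       ", canApprove(approvePairingFixed, pairingOperator)); // true
```

The point of the model is that both functions do perform a check (so the bug is CWE-863, an incorrect check, rather than a missing one); the vulnerable version simply checks the wrong, broader, scope, which turns every holder of operator.write into an approver of exec-capable nodes.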
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to exec-capable nodes by attackers who have operator.write permissions but are not supposed to approve node pairings.
Such unauthorized access could allow attackers to execute commands on these nodes, potentially leading to privilege escalation, data compromise, or disruption of services.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is an authorization bug inside OpenClaw, not a network-visible condition, so detection is an audit of permissions and of pairing activity rather than a network signature. The question to answer is which principals (users, tokens or roles) hold operator.write, and whether any of them have approved node pairings, since on versions before 2026.4.8 that scope is enough to call node.pair.approve.
Specific commands are not provided in the available resources, but general approaches could include:
- Review the OpenClaw configuration or permission settings to list every principal holding the operator.write scope, and compare that list with the principals that are meant to approve pairings.
- Audit logs for calls to the node.pair.approve method and flag approvals made by callers that hold operator.write but not operator.pairing.
- Use OpenClaw's internal commands or API queries to list current node pairings, especially exec-capable ones, together with who approved them, and verify that each approval came from an intended approver.
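The log-audit step above, as an added example in TypeScript. This is not an OpenClaw tool and OpenClaw's real log format is not documented on this page: the JSON-lines audit format, its field names (ts, method, caller, scopes, nodeId, result) and the sample lines are all constructed for this example, so adapt the parser to whatever your gateway actually writes. Only the method name node.pair.approve and the two scope names come from the advisory.

```typescript
// Added example, not an OpenClaw tool: finds successful node.pair.approve calls
// made by callers that hold operator.write but not operator.pairing, which is
// the pattern CVE-2026-42426 enables on versions before 2026.4.8.
// The JSON-lines format and field names below are an assumption made for this
// example; the real gateway log may differ.

interface AuditEvent {
  ts: string;
  method: string;
  caller: string;
  scopes: string[];
  nodeId?: string;
  result?: string;
}

interface Finding {
  ts: string;
  caller: string;
  nodeId: string;
  reason: string;
}

// Parses one JSON object per line; malformed lines are skipped so one bad
// record does not abort the whole audit.
function parseAuditLog(text: string): AuditEvent[] {
  const events: AuditEvent[] = [];
  for (const line of text.split("\n")) {
    const trimmed = line.trim();
    if (trimmed === "") continue;
    try {
      const obj = JSON.parse(trimmed);
      if (typeof obj.method === "string" && Array.isArray(obj.scopes)) {
        events.push(obj as AuditEvent);
      }
    } catch {
      // not JSON: skip
    }
  }
  return events;
}

// A suspect approval is a successful node.pair.approve whose caller has the
// broad write scope but lacks the narrow pairing scope.
function findSuspectApprovals(events: AuditEvent[]): Finding[] {
  return events
    .filter((e) => e.method === "node.pair.approve" && e.result === "ok")
    .filter((e) => e.scopes.includes("operator.write") && !e.scopes.includes("operator.pairing"))
    .map((e) => ({
      ts: e.ts,
      caller: e.caller,
      nodeId: e.nodeId ?? "unknown",
      reason: "pairing approved with operator.write but without operator.pairing",
    }));
}

// Constructed sample log: one pairing request, one approval by a writer-only
// caller (the case to flag), one legitimate approval by a pairing operator,
// one denied attempt (what a patched gateway would record), and one junk line.
const sampleLog = `
{"ts":"2026-04-29T10:01:02Z","method":"node.pair.request","caller":"node-07","scopes":[],"nodeId":"node-07","result":"ok"}
{"ts":"2026-04-29T10:01:40Z","method":"node.pair.approve","caller":"ops-writer","scopes":["operator.read","operator.write"],"nodeId":"node-07","result":"ok"}
{"ts":"2026-04-29T10:05:11Z","method":"node.pair.approve","caller":"pairing-admin","scopes":["operator.read","operator.pairing"],"nodeId":"node-08","result":"ok"}
{"ts":"2026-04-29T10:06:00Z","method":"node.pair.approve","caller":"ops-writer","scopes":["operator.read","operator.write"],"nodeId":"node-09","result":"denied"}
this line is not JSON and is skipped
`;

function auditSample(): Finding[] {
  return findSuspectApprovals(parseAuditLog(sampleLog));
}

for (const f of auditSample()) {
  console.log(`${f.ts} ${f.caller} approved ${f.nodeId}: ${f.reason}`);
}
```

Only successful approvals are reported, because those are the pairings that may already give a writer access to an exec-capable node; if you also want to see attempts that a patched gateway denied, drop the result filter and report the result field alongside each finding.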
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.4.8 or later, where the vulnerability has been fixed by correcting the permission scope of the node.pair.approve method to require operator.pairing instead of operator.write.
Until the upgrade can be applied, treat operator.write as if it were also the pairing-approval scope: review every principal that holds it, remove it where it is not strictly needed, and grant it only to fully trusted operators.
Additionally, monitor and audit node pairing approvals to detect any unauthorized approvals that may exploit this vulnerability.