CVE-2026-42426
Received Received - Intake
Improper Authorization in OpenClaw node.pair.approve Enables Unauthorized Access

Publication date: 2026-04-28

Last updated on: 2026-04-30

Assigner: VulnCheck

Description
OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairing approval restrictions to gain unauthorized access to exec-capable nodes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-42426
EUVD
EUVD-2026-26128
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-42426 is an improper authorization vulnerability in OpenClaw versions before 2026.4.8. The issue occurs because the node.pair.approve method incorrectly accepts the broader operator.write permission scope instead of the intended narrower operator.pairing scope.

This flaw allows attackers who have operator.write permissionsβ€”who normally should not be able to approve node pairingsβ€”to bypass pairing approval restrictions. As a result, they can gain unauthorized access to nodes that are capable of executing commands.

Impact Analysis

This vulnerability can lead to unauthorized access to exec-capable nodes by attackers who have operator.write permissions but are not supposed to approve node pairings.

Such unauthorized access could allow attackers to execute commands on these nodes, potentially leading to privilege escalation, data compromise, or disruption of services.

Detection Guidance

This vulnerability involves improper authorization in the node.pair.approve method accepting the broader operator.write scope instead of the intended operator.pairing scope. Detection would involve checking if any users or processes have operator.write permissions that allow them to approve node pairing.

Since the vulnerability is related to permission scopes within OpenClaw, detection can include auditing the permissions assigned to users or roles, especially looking for operator.write permissions being used to approve node pairing.

Specific commands are not provided in the available resources, but general approaches could include:

  • Review OpenClaw configuration or permission settings to identify users with operator.write scope.
  • Audit logs for calls to node.pair.approve method to see if approvals are being made by users with operator.write permissions.
  • Use OpenClaw's internal commands or API queries to list current node pairings and the users who approved them.
Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.4.8 or later, where the vulnerability has been fixed by correcting the permission scope of the node.pair.approve method to require operator.pairing instead of operator.write.

Until the upgrade can be applied, restrict or review the assignment of operator.write permissions to users, ensuring that only fully trusted users have this scope.

Additionally, monitor and audit node pairing approvals to detect any unauthorized approvals that may exploit this vulnerability.

Compliance Impact

The provided information does not specify any direct impact of CVE-2026-42426 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42426. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart