OpenClaw Patches Critical Privilege Escalation in /pair Approve Path
Security Patch for OpenClaw Tool-Calling Layer
OpenClaw has released version 2026.3.28 to patch a critical privilege escalation vulnerability discovered by Ant AI Security Lab. This affects users running OpenClaw as a tool-calling layer for local LLMs.
Vulnerability Details
The vulnerability was in the /pair approve command path. Specifically, when calling device approval, the system failed to forward caller scopes into the core approval check. This allowed a user with pairing privileges (but not admin privileges) to approve a pending device request that asked for broader scopes, including admin access.
Version Information
- Affected versions: OpenClaw <= 2026.3.24
- Patched version: OpenClaw >= 2026.3.28
Security Implications
This vulnerability is particularly relevant for anyone running local LLMs with tool access through OpenClaw. If a model becomes prompt-injected and can issue commands on your behalf, this is exactly the type of path that could be exploited to gain elevated privileges.
The advisory identifier is GHSA-hc5h-pmr3-3497, and the full security advisory is available on GitHub.
📖 Read the full source: r/openclaw
👀 See Also
Potential Claude Security Incident: Self-Sent Password Alerts and Suspicious .NET Process
A user reports receiving suspicious password reset alerts that appeared to be sent from their own account after logging into Claude, with emails vanishing minutes later and an unusual .NET process blocking system shutdown.
Security Alert: Malicious Code in LiteLLM May Steal API Keys
A critical security vulnerability has been identified in LiteLLM that could expose API keys. Users of OpenClaw or nanobot may be affected and should check the GitHub issues linked in the source.
Security Audit Finds Anthropic's MCP Reference Servers Vulnerable, Introduces Hallucination-Based Vulnerabilities
A security audit of 100 MCP server packages found 71% scored an F, including Anthropic's official GitHub and filesystem reference implementations. The audit identified Hallucination-Based Vulnerabilities that create security holes and waste tokens through reasoning loops.
Proxy-layer isolation for local agent API key security
A developer shares an approach to API key isolation in local agent setups using a Rust proxy that swaps placeholder tokens for real credentials, preventing exposure in agent memory, logs, context windows, and tool environments.