OpenClaw Patches Critical Privilege Escalation in /pair Approve Path
Security Patch for OpenClaw Tool-Calling Layer
OpenClaw has released version 2026.3.28 to patch a critical privilege escalation vulnerability discovered by Ant AI Security Lab. This affects users running OpenClaw as a tool-calling layer for local LLMs.
Vulnerability Details
The vulnerability was in the /pair approve command path. Specifically, when calling device approval, the system failed to forward caller scopes into the core approval check. This allowed a user with pairing privileges (but not admin privileges) to approve a pending device request that asked for broader scopes, including admin access.
Version Information
- Affected versions: OpenClaw <= 2026.3.24
- Patched version: OpenClaw >= 2026.3.28
Security Implications
This vulnerability is particularly relevant for anyone running local LLMs with tool access through OpenClaw. If a model becomes prompt-injected and can issue commands on your behalf, this is exactly the type of path that could be exploited to gain elevated privileges.
The advisory identifier is GHSA-hc5h-pmr3-3497, and the full security advisory is available on GitHub.
📖 Read the full source: r/openclaw
👀 See Also
Open-source playground for red-teaming AI agents with published exploits
Fabraix has open-sourced a live environment to stress-test AI agent defenses through adversarial challenges. Each challenge deploys a live agent with real tools and published system prompts, with winning conversation transcripts and guardrail logs documented publicly.
Security vulnerabilities exposed in Lovable-showcased EdTech app
A security researcher found 16 vulnerabilities in a Lovable-showcased EdTech app, including critical auth logic flaws that exposed 18,697 user records without authentication. The app had 100K+ views on Lovable's showcase and real users from UC Berkeley, UC Davis, and schools worldwide.
Secure Administrator Approval Flow for Group-Chat Assistants Against Prompt Injection
A practical approach to secure LLM assistants in shared group chats: pausing VM, OAuth, and code execution tools until admin approves via a timed link.
OpenClaw security risks: autonomous actions and permission concerns
OpenClaw acts autonomously on email, calendar, messaging, and files without waiting for user confirmation, with documented cases of data exfiltration, prompt injection, and ignored stop commands.