OpenClaw Patches Critical Privilege Escalation in /pair Approve Path

Security Patch for OpenClaw Tool-Calling Layer
OpenClaw has released version 2026.3.28 to patch a critical privilege escalation vulnerability discovered by Ant AI Security Lab. This affects users running OpenClaw as a tool-calling layer for local LLMs.
Vulnerability Details
The vulnerability was in the /pair approve command path. The handler invoked the device-approval routine without forwarding the caller's scopes into the core approval check, so the check never compared what the caller was allowed to grant against what the pending device was asking for. A user holding pairing privileges, but not admin privileges, could therefore approve a pending device request that asked for broader scopes, including admin access.
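The class of bug described above, as an added illustration rather than OpenClaw's own code: the scope names, the shape of the /pair approve handler and the signature of the core check are assumptions made to show how a dropped caller-scope argument turns a pairing-only caller into a grantor of admin scope, and how a fail-closed check removes the permissive default.

```typescript
// Added illustrative example; not OpenClaw's code. Scope names, the
// "/pair approve" handler shape and the core-check signature are assumptions
// made to show the class of bug: a caller-scope argument that is dropped on
// the way into the core authorization check.

type Scope = "read" | "write" | "pairing" | "admin";

interface Caller {
  id: string;
  scopes: readonly Scope[];
}

interface PendingDevice {
  deviceId: string;
  requestedScopes: readonly Scope[];
}

interface Decision {
  approved: boolean;
  grantedScopes: Scope[];
  reason: string;
}

function hasScope(scopes: readonly Scope[], s: Scope): boolean {
  return scopes.indexOf(s) !== -1;
}

function deny(reason: string): Decision {
  return { approved: false, grantedScopes: [], reason };
}

// Vulnerable shape. The core check compares requested scopes against the
// grantor's scopes only when it is handed them; an omitted argument is
// treated as "no restriction", the behaviour a trusted internal caller
// might rely on.
function coreApproveLenient(pending: PendingDevice, grantorScopes?: readonly Scope[]): Decision {
  if (grantorScopes !== undefined) {
    const missing = pending.requestedScopes.filter((s) => !hasScope(grantorScopes, s));
    if (missing.length > 0) {
      return deny(`grantor cannot grant: ${missing.join(",")}`);
    }
  }
  return { approved: true, grantedScopes: pending.requestedScopes.slice(), reason: "ok" };
}

// "/pair approve <device>" handler with the bug: it confirms the caller may
// pair, then calls the core check WITHOUT forwarding caller.scopes, so the
// pending request's scopes are granted unconditionally.
function pairApproveVulnerable(caller: Caller, pending: PendingDevice): Decision {
  if (!hasScope(caller.scopes, "pairing")) {
    return deny("caller lacks pairing scope");
  }
  return coreApproveLenient(pending); // caller scopes dropped here
}

// Hardened core check: the grantor's scopes are a required parameter and the
// check fails closed, so there is no permissive default left to forget.
function coreApproveStrict(pending: PendingDevice, grantorScopes: readonly Scope[]): Decision {
  const missing = pending.requestedScopes.filter((s) => !hasScope(grantorScopes, s));
  if (missing.length > 0) {
    return deny(`grantor cannot grant: ${missing.join(",")}`);
  }
  return { approved: true, grantedScopes: pending.requestedScopes.slice(), reason: "ok" };
}

// Fixed handler: the caller's scopes travel into the core check, so a
// pairing-only caller can only approve scopes it already holds.
function pairApproveFixed(caller: Caller, pending: PendingDevice): Decision {
  if (!hasScope(caller.scopes, "pairing")) {
    return deny("caller lacks pairing scope");
  }
  return coreApproveStrict(pending, caller.scopes);
}

// Constructed scenario: an operator with read+pairing scope approves a
// pending device that asks for admin.
const pairingOnlyCaller: Caller = { id: "op-1", scopes: ["read", "pairing"] };
const adminCaller: Caller = { id: "op-root", scopes: ["read", "write", "pairing", "admin"] };
const adminRequest: PendingDevice = { deviceId: "dev-42", requestedScopes: ["read", "admin"] };
const readOnlyRequest: PendingDevice = { deviceId: "dev-7", requestedScopes: ["read"] };

function demo(): { before: Decision; after: Decision } {
  return {
    before: pairApproveVulnerable(pairingOnlyCaller, adminRequest), // approved, grants admin
    after: pairApproveFixed(pairingOnlyCaller, adminRequest),       // denied
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The point of the hardened form is not the extra comparison but the signature: making the grantor's scopes mandatory means a call site that forgets to forward them fails to compile instead of silently granting everything the request asked for.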
Version Information
- Affected versions: OpenClaw <= 2026.3.24
- Patched version: OpenClaw >= 2026.3.28
Security Implications
This vulnerability is particularly relevant for anyone running local LLMs with tool access through OpenClaw. If a model is prompt-injected and can issue OpenClaw commands on your behalf, approving a pending device that requests admin scope from a session that only holds pairing scope is exactly the kind of path it could use to gain elevated privileges. Upgrade to 2026.3.28 or later.
The advisory identifier is GHSA-hc5h-pmr3-3497, and the full security advisory is available on GitHub.
📖 Read the full source: r/openclaw
👀 See Also

Litellm PyPI Package Compromised: Malicious Version 1.82.8 Exfiltrated Credentials
The litellm PyPI package, which unifies calls to OpenAI, Anthropic, Cohere and other LLM providers, was compromised with malicious version 1.82.8 that exfiltrated SSH keys, cloud credentials, API keys, and other sensitive data for about an hour.

Domain-Camouflaged Injection Attacks Evade Detectors in Multi-Agent LLM Systems
A new paper shows injection payloads tailored to domain vocabulary evade detection, dropping IDR from 93.8% to 9.7%. Multi-agent debate amplifies attacks. Llama Guard 3 detects zero payloads.

AI Vulnerability Discovery Outpacing Patch Deployment Times
A security expert argues that AI tools like Mythos will find vulnerabilities faster than fixes can be deployed, citing Log4j data showing average remediation times of 17 days and a decade-long elimination timeline.
