CVE-2026-42426 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrowe…
High CVSS: 8.7

CVE-2026-42426

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairing approval restrictions to gain unauthorized access to exec-capable nodes.
Vendor
-
Product
-
CWE
CWE-863
Yayın Tarihi
2026-04-28 19:37:46
Güncelleme
2026-04-28 20:10:23
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-863 HIGH 2026

Referanslar

https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5 https://github.com/openclaw/openclaw/security/advisories/GHSA-67mf-f936-ppxf https://www.vulncheck.com/advisories/openclaw-improper-authorization-in-node-pair-approve-via-operator-write-scope