CVE-2026-32905 Overview
CVE-2026-32905 is an authorization bypass vulnerability in OpenClaw versions before 2026.5.4. The flaw resides in the bundled device-pair plugin, which fails to validate scope when issuing device-pairing bootstrap codes. Any authorized chat sender, including non-owner accounts, can request setup codes through chat commands. These codes can then enroll new devices with operator or node capabilities. Enrolled devices retain persistent credentials until an administrator manually removes them. The vulnerability is tracked under CWE-862: Missing Authorization.
Critical Impact
Attackers with low-privilege chat command access can enroll rogue devices with operator/node capabilities, gaining persistent control over the OpenClaw deployment.
Affected Products
- OpenClaw (Node.js distribution) versions prior to 2026.5.4
- Deployments using the bundled device-pair plugin
- Instances exposing chat command access to non-owner authorized users
Discovery Timeline
- 2026-05-29 - CVE-2026-32905 published to NVD
- 2026-06-01 - Last updated in NVD database
Technical Details for CVE-2026-32905
Vulnerability Analysis
The vulnerability allows non-owner authorized chat senders to invoke the device-pair plugin's bootstrap code issuance routine. The plugin treats any authenticated chat command sender as authorized to generate enrollment codes. It does not verify whether the requester holds the owner scope required for device pairing. Once issued, the bootstrap code can enroll arbitrary devices into the deployment with operator or node capability sets.
Enrolled devices receive persistent credentials. These credentials remain valid until an administrator explicitly revokes them through manual removal. This grants attackers a durable foothold that survives password resets and session expirations on the original compromised account.
Root Cause
The device-pair plugin lacks an authorization check tied to the requester's scope. The bootstrap code handler validates that the caller is an authenticated chat sender but omits a verification that the caller holds the owner role. This missing authorization gate maps to CWE-862.
Attack Vector
An attacker requires only low-privileged authenticated access with chat command capabilities. Over the network, the attacker submits the device-pairing chat command and receives a valid bootstrap code. The attacker then uses the code to enroll a device under their control. The newly enrolled device inherits operator or node capabilities and authenticates to OpenClaw with persistent credentials.
No public proof-of-concept exploit is currently available. See the VulnCheck Security Advisory and the GitHub Security Advisory GHSA-xr4f-mjxj-w6w5 for vendor-authored technical details.
Detection Methods for CVE-2026-32905
Indicators of Compromise
- Device-pair bootstrap code issuance events triggered by chat senders other than the owner account
- Unexpected device enrollments appearing with operator or node capabilities
- New persistent credentials issued without a corresponding administrator approval workflow entry
- Chat command audit log entries invoking the device-pair plugin from low-privileged users
Detection Strategies
- Correlate device-pair plugin invocations with the requester's role and flag any non-owner caller
- Compare the device enrollment ledger against an approved enrollment list and alert on unmatched entries
- Monitor for short windows between a bootstrap code issuance event and a successful device enrollment from a new network source
Monitoring Recommendations
- Forward OpenClaw chat command and plugin audit logs to a centralized SIEM for retention and correlation
- Alert on creation of any device with operator or node capability outside change-management windows
- Track active device inventory and review for accounts that have not been revoked after personnel changes
How to Mitigate CVE-2026-32905
Immediate Actions Required
- Upgrade OpenClaw to version 2026.5.4 or later, which restores scope validation in the device-pair plugin
- Audit the current device inventory and remove any device enrolled by a non-owner account
- Rotate or revoke persistent credentials tied to unexplained device enrollments
- Restrict chat command access to trusted users until the patch is applied
Patch Information
OpenClaw addresses CVE-2026-32905 in release 2026.5.4. The fix adds scope validation to the device-pair plugin so only owner-scoped accounts can issue bootstrap codes. Refer to the GitHub Security Advisory GHSA-xr4f-mjxj-w6w5 for the upstream patch details.
Workarounds
- Disable the bundled device-pair plugin if device enrollment is not required
- Limit chat command authorization to the owner account until the upgrade is deployed
- Place OpenClaw behind a reverse proxy that filters device-pair chat commands from non-owner identities
# Configuration example: upgrade OpenClaw to the patched release
npm install openclaw@2026.5.4
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
