CVE-2026-33579 is actively exploitable and hits hard.

What happened: The /pair approve command doesn't check who is approving. So someone with basic pairing access (the lowest permission tier) can approve themselves for admin. That's it. Full instance takeover, no secondary exploit needed. CVSS 8.6 HIGH.

Why this matters right now:

Patch dropped March 29, NVD listing March 31. That is a two-day window for the vuln to spread before anyone saw it on NVD. 135k+ OpenClaw instances are publicly exposed, and 63% of those run zero authentication. So the "low privilege required" in the CVE means literally anyone on the internet can request pairing access and start the exploit chain.

The attack is trivial:

1. Connect to an unauthenticated OpenClaw instance and get pairing access (no credentials needed).
2. Register a fake device asking for operator.admin scope.
3. Approve your own request with /pair approve [request-id].
4. The system grants admin because it never checks whether you are authorized to grant admin.
5. You now control the entire instance: all data, all connected services, all credentials.

Takes maybe 30 seconds once you know the gap exists.
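To make the gap concrete, here is a toy model of the approve handler written for this post. It is not OpenClaw's code; the PairingStore class, the scope names other than operator.admin, and the "pairing" default tier are all invented for illustration. The vulnerable version authorizes on the request alone; the hardened version checks the approver's own scope and refuses self-approval.

```python
"""Toy model of the pairing-approval authorization gap described above.

Illustrative only: PairingStore, its methods and the scope tiers are invented
for this example and are not OpenClaw's actual code. The bug being modelled
is that the approve handler never looks at who the approver is.
"""
from dataclasses import dataclass
import itertools

# Constructed scope tiers, lowest to highest. "pairing" is assumed to be what
# an unauthenticated client gets; "operator.admin" is the scope named above.
SCOPE_RANK = {"pairing": 0, "operator.read": 1, "operator.write": 2, "operator.admin": 3}


@dataclass
class PairRequest:
    request_id: str
    device: str
    requested_scope: str
    approved: bool = False


class PairingStore:
    def __init__(self):
        self._ids = itertools.count(1)
        self.requests: dict[str, PairRequest] = {}
        self.grants: dict[str, str] = {}  # device -> granted scope

    def register(self, device: str, scope: str) -> str:
        """Any connected client may file a request for any scope (step 2 above)."""
        req = PairRequest(f"req-{next(self._ids)}", device, scope)
        self.requests[req.request_id] = req
        return req.request_id

    def scope_of(self, device: str) -> str:
        """Devices with no grant sit at the lowest (pairing) tier."""
        return self.grants.get(device, "pairing")

    def approve_vulnerable(self, approver: str, request_id: str) -> bool:
        """Vulnerable: only checks that the request exists. `approver` is ignored,
        so a pairing-tier client can approve a request for operator.admin."""
        req = self.requests[request_id]
        req.approved = True
        self.grants[req.device] = req.requested_scope
        return True

    def approve_hardened(self, approver: str, request_id: str) -> bool:
        """Hardened: the approver must already hold at least the scope being
        granted, and may not approve a request filed for their own device."""
        req = self.requests[request_id]
        if req.device == approver:
            return False
        if SCOPE_RANK[self.scope_of(approver)] < SCOPE_RANK[req.requested_scope]:
            return False
        req.approved = True
        self.grants[req.device] = req.requested_scope
        return True


def run_attack(approve_method: str) -> tuple[bool, str]:
    """Replays the chain above: an unauthenticated client registers a fake
    device for operator.admin, then approves it from its own pairing tier."""
    store = PairingStore()
    attacker = "attacker-client"      # pairing tier, no grant
    fake_device = "fake-device"
    rid = store.register(fake_device, "operator.admin")
    ok = getattr(store, approve_method)(attacker, rid)
    return ok, store.scope_of(fake_device)


def legitimate_approval() -> tuple[bool, str]:
    """An existing admin approving a lower-scope request still works when hardened."""
    store = PairingStore()
    store.grants["admin-console"] = "operator.admin"
    rid = store.register("new-laptop", "operator.write")
    ok = store.approve_hardened("admin-console", rid)
    return ok, store.scope_of("new-laptop")


if __name__ == "__main__":
    print("vulnerable:", run_attack("approve_vulnerable"))   # attacker ends up admin
    print("hardened:  ", run_attack("approve_hardened"))     # denied, stays at pairing
    print("legit:     ", legitimate_approval())
```

The check that matters is the one on the approver: whatever scope a request asks for, the principal running /pair approve has to already hold it. A self-approval check alone would not be enough, since the attacker can file the request under any device name.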

I still haven't installed OpenClaw anywhere. My current setup is limited to Claude Code, controlled remotely. A couple more weeks, maybe.