CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in the pairing setup codes generated by the /pair endpoint and the OpenClaw qr command. An attacker who obtains a leaked setup code from chat history, logs, or screenshots can recover the shared gateway credential and reuse it outside the intended one-time pairing flow.
Analysis
Credential exposure in OpenClaw gateway pairing mechanism allows remote attackers to extract and reuse long-lived shared gateway credentials embedded in pairing setup codes. Attackers who obtain QR codes or pairing tokens from chat logs, screenshots, or system logs can recover persistent gateway credentials intended for one-time use, enabling unauthorized gateway access without authentication. …
Remediation
Within 24 hours: audit all OpenClaw gateway pairing codes in system logs, chat histories, and backup snapshots; isolate any QR codes or pairing tokens from user-accessible locations and implement access controls on log retention systems. Within 7 days: conduct forensic review of gateway access logs for any unauthorized authentication activity correlating with pairing code exposure dates; revoke and regenerate all gateway credentials if exfiltration cannot be ruled out; disable pairing functionality if operationally feasible. …
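The two patterns contrasted in the description (a setup code that carries the long-lived shared credential versus a single-use, short-lived token redeemed for a revocable per-device credential) and the log audit asked for in the remediation section, as an added illustration in Python. This is not OpenClaw's code and assumes nothing about its real setup-code or QR format: the gateway URL, the shared secret, the token layout, the `PairingBroker` class and the log lines are all constructed for the example.

```python
import base64
import re
import secrets

# Constructed stand-ins; the real OpenClaw values are not on the page.
GATEWAY_URL = "wss://gateway.example.invalid"          # hypothetical gateway address
GATEWAY_SECRET = "constructed-long-lived-gateway-secret"  # constructed shared credential


def make_weak_setup_code(gateway_url: str, gateway_secret: str) -> str:
    """Weak pattern: the setup code is the shared credential itself, merely encoded.

    Whoever sees the code (chat history, a log line, a screenshot) holds the
    credential, and it keeps working long after the one-time pairing is over.
    """
    return base64.urlsafe_b64encode(f"{gateway_url}|{gateway_secret}".encode()).decode()


def weak_code_exposes_credential(code: str, gateway_secret: str) -> bool:
    """Check whether a setup code decodes to something containing the credential."""
    decoded = base64.urlsafe_b64decode(code.encode()).decode("utf-8", "ignore")
    return gateway_secret in decoded


class PairingBroker:
    """Hardened pattern (constructed): the setup code is an opaque, single-use,
    short-lived token. The shared secret never leaves the gateway; redeeming the
    token yields a fresh per-device credential that can be revoked on its own.
    """

    def __init__(self, ttl_seconds: int = 120) -> None:
        self.ttl = ttl_seconds
        self._pending: dict[str, float] = {}  # setup token -> expiry timestamp
        self._devices: dict[str, str] = {}    # device id -> per-device credential

    def issue_setup_code(self, now: float) -> str:
        token = secrets.token_urlsafe(24)     # random, carries no secret material
        self._pending[token] = now + self.ttl
        return token

    def redeem(self, token: str, device_id: str, now: float):
        expiry = self._pending.pop(token, None)  # pop: a token is usable at most once
        if expiry is None or now > expiry:       # unknown, already used, or expired
            return None
        cred = secrets.token_urlsafe(32)
        self._devices[device_id] = cred
        return cred

    def authenticate(self, device_id: str, cred: str) -> bool:
        known = self._devices.get(device_id)
        return known is not None and secrets.compare_digest(known, cred)

    def revoke(self, device_id: str) -> None:
        """Cut off one device without rotating anything shared."""
        self._devices.pop(device_id, None)


def find_leaked_credential(log_lines, gateway_secret: str):
    """Audit helper for the remediation step: return (line number, line) pairs in
    which the shared credential appears verbatim or inside a base64url blob."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        if gateway_secret in line:
            hits.append((n, line))
            continue
        for blob in re.findall(r"[A-Za-z0-9_=-]{16,}", line):
            try:
                decoded = base64.urlsafe_b64decode(blob.encode()).decode("utf-8", "ignore")
            except ValueError:           # not valid base64, skip it
                continue
            if gateway_secret in decoded:
                hits.append((n, line))
                break
    return hits


# Constructed log sample: one line leaks a weak setup code, one leaks the raw secret.
SAMPLE_LOG = [
    "2026-03-10T09:12:01Z INFO  pairing: setup code issued "
    + make_weak_setup_code(GATEWAY_URL, GATEWAY_SECRET),
    "2026-03-10T09:12:05Z INFO  ws: client connected from 10.0.0.7",
    "2026-03-10T09:13:44Z DEBUG auth header seen: Bearer " + GATEWAY_SECRET,
]

if __name__ == "__main__":
    for n, line in find_leaked_credential(SAMPLE_LOG, GATEWAY_SECRET):
        print(f"line {n} exposes the gateway credential: {line[:60]}...")
    broker = PairingBroker(ttl_seconds=120)
    tok = broker.issue_setup_code(now=1000.0)
    print("first redeem ok:", broker.redeem(tok, "phone-1", now=1010.0) is not None)
    print("second redeem ok:", broker.redeem(tok, "phone-2", now=1011.0) is not None)
```

The audit function compares against the credential you hold rather than guessing at a code format, so it works on any log, chat export or backup dump you can read as text; a line that decodes to the secret should be treated the same as one that prints it in the clear.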
EUVD-2026-17029