clawsmith.com/signal/cve-2026-35639-device-pair-approve-priv-esc

CVE-2026-35639: OpenClaw device.pair.approve privilege escalation (CVSS 8.7) — highest severity in April 2026 batch

The device.pair.approve handler authenticates the requesting token but never checks that it holds the device.pair scope before approving the pairing. Any valid token, however limited its scopes, can therefore submit a pairing approval and receive an operator-level session. The flaw is remotely exploitable against internet-exposed instances: no operator credentials are needed, only a token of any scope. Fixed in v2026.4.5.
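The bug class described above, modelled as an added example: this is not OpenClaw code, and the token store, scope names, session roles and handler signatures are all assumptions chosen to show the difference between a handler that only authenticates and one that also authorizes against the method's required scope.

```python
"""Model of a pairing-approval handler with and without the scope check (added example).

Not OpenClaw code. Token, Session, the scope name "device.pair", the role name
"operator" and the TOKENS table are assumptions used to illustrate the bug class:
an RPC handler that verifies a token is valid but never verifies it carries the
scope the method requires.
"""
from dataclasses import dataclass
from typing import FrozenSet


@dataclass(frozen=True)
class Token:
    token_id: str
    scopes: FrozenSet[str]
    revoked: bool = False


@dataclass(frozen=True)
class Session:
    device_id: str
    role: str  # "operator" is the privileged role in this model


# Constructed token store standing in for the gateway's token table.
TOKENS = {
    "tok-admin": Token("tok-admin", frozenset({"device.pair", "device.read", "device.write"})),
    "tok-limited": Token("tok-limited", frozenset({"device.read"})),
    "tok-revoked": Token("tok-revoked", frozenset({"device.pair"}), revoked=True),
}

REQUIRED_SCOPE = "device.pair"  # assumed scope name for pairing approval


def _authenticate(token_id: str) -> Token:
    """Shared by both handlers: the token must exist and must not be revoked."""
    tok = TOKENS.get(token_id)
    if tok is None or tok.revoked:
        raise PermissionError("invalid or revoked token")
    return tok


def approve_pairing_vulnerable(token_id: str, device_id: str) -> Session:
    """The bug pattern: authentication only, no authorization.

    Any valid token, whatever its scopes, is handed an operator session.
    """
    _authenticate(token_id)
    return Session(device_id=device_id, role="operator")


def approve_pairing_fixed(token_id: str, device_id: str) -> Session:
    """Hardened form: check the method's required scope before any side effect,
    and deny by default when it is absent."""
    tok = _authenticate(token_id)
    if REQUIRED_SCOPE not in tok.scopes:
        raise PermissionError(f"token {tok.token_id} lacks scope {REQUIRED_SCOPE}")
    return Session(device_id=device_id, role="operator")


def can_escalate(handler, token_id: str) -> bool:
    """True if the handler gives this token an operator session for a device."""
    try:
        return handler(token_id, "dev-42").role == "operator"
    except PermissionError:
        return False


if __name__ == "__main__":
    for name in TOKENS:
        print(name,
              "vulnerable:", can_escalate(approve_pairing_vulnerable, name),
              "fixed:", can_escalate(approve_pairing_fixed, name))
```

The point of the side-by-side is where the scope check sits: in the fixed handler it runs after authentication and before the session is minted, so a limited token gets a PermissionError rather than a session it can later use elsewhere.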

Product Idea from this Signal

A CLI tool that audits OpenClaw device token scopes and blocks privilege escalation paths before attackers exploit them

1.4k

CVE-2026-32922 (CVSS 9.9) showed that a single call to device.token.rotate could escalate any paired device to full admin. The root cause was missing scope validation, but the broader problem is that OpenClaw operators have no visibility into which devices hold which scopes, which tokens have been rotated suspiciously, or whether their instance is still vulnerable. 137 security advisories were filed in 60 days. This CLI tool continuously audits device tokens, flags over-scoped devices, detects rotation anomalies, and blocks escalation attempts at the gateway level.
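The two audit checks the idea describes, over-scoped devices and rotation anomalies, as an added example that is not Clawsmith or OpenClaw code. The device kinds, the per-kind least-privilege baseline, the scope names and the sample token records are constructed assumptions; a real tool would read the records from the gateway's token table.

```python
"""Scope audit and rotation-anomaly detection over device tokens (added example).

Not Clawsmith or OpenClaw code. Device kinds, the per-kind baseline, the scope
names and the SAMPLE records are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class DeviceToken:
    device_id: str
    kind: str                   # assumed device class, e.g. "sensor" or "console"
    scopes: FrozenSet[str]
    rotated_at: List[datetime]  # timestamps of token rotations, any order


# Assumed least-privilege baseline per device kind.
BASELINE: Dict[str, FrozenSet[str]] = {
    "sensor": frozenset({"device.read"}),
    "console": frozenset({"device.read", "device.write", "device.pair"}),
}

# Scopes that can mint or widen privilege: pairing approval and token rotation.
ESCALATION_SCOPES = frozenset({"device.pair", "device.token.rotate"})


def overscoped(tokens: List[DeviceToken]) -> Dict[str, FrozenSet[str]]:
    """device_id -> scopes beyond the baseline for its kind.

    An unknown kind gets an empty baseline, so every scope it holds is reported
    rather than silently accepted.
    """
    findings = {}
    for t in tokens:
        extra = t.scopes - BASELINE.get(t.kind, frozenset())
        if extra:
            findings[t.device_id] = extra
    return findings


def escalation_paths(tokens: List[DeviceToken]) -> List[str]:
    """Devices holding an escalation scope their kind's baseline does not grant."""
    return sorted(t.device_id for t in tokens
                  if (t.scopes & ESCALATION_SCOPES) - BASELINE.get(t.kind, frozenset()))


def rotation_anomalies(tokens: List[DeviceToken],
                       window: timedelta = timedelta(hours=1),
                       max_rotations: int = 2) -> List[str]:
    """Devices rotated more than max_rotations times inside any window-long interval."""
    flagged = []
    for t in tokens:
        ts = sorted(t.rotated_at)
        j = 0
        for i in range(len(ts)):
            # j is the first index whose timestamp falls outside the window starting at ts[i];
            # it only moves forward because ts is sorted.
            while j < len(ts) and ts[j] - ts[i] <= window:
                j += 1
            if j - i > max_rotations:
                flagged.append(t.device_id)
                break
    return flagged


# Constructed sample: one clean sensor, one sensor that can approve pairings,
# a console rotated four times in twenty minutes, and a sensor that can rotate tokens.
T0 = datetime(2026, 4, 1, 12, 0)
SAMPLE = [
    DeviceToken("sensor-01", "sensor", frozenset({"device.read"}), [T0]),
    DeviceToken("sensor-02", "sensor", frozenset({"device.read", "device.pair"}), [T0]),
    DeviceToken("console-01", "console",
                frozenset({"device.read", "device.write", "device.pair"}),
                [T0, T0 + timedelta(minutes=5), T0 + timedelta(minutes=10),
                 T0 + timedelta(minutes=20)]),
    DeviceToken("sensor-03", "sensor", frozenset({"device.read", "device.token.rotate"}),
                [T0, T0 + timedelta(days=1)]),
]


if __name__ == "__main__":
    print("over-scoped:", overscoped(SAMPLE))
    print("escalation paths:", escalation_paths(SAMPLE))
    print("rotation anomalies:", rotation_anomalies(SAMPLE))
```

The baseline is the part an operator has to supply; the audit is only as good as the least-privilege policy it is compared against, which is why unknown device kinds are reported in full rather than assumed safe.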

Tags: security, CLI, devtool, open-source. Market: competitive.
Product Idea from this Signal

A security service that auto-patches OpenClaw CVEs within hours of disclosure before attackers exploit them

5.7k

OpenClaw disclosed 9 CVEs in 4 days (March 2026), including a CVSS 9.9 privilege escalation affecting 135K+ exposed instances. Most operators have no way to know which CVEs affect their version, no automated patching, and no link between the flood of advisories (156+ in total) and their actual attack surface. This tool continuously monitors CVE feeds, maps each advisory to the installed version and enabled features, applies safe mitigations automatically, and queues risky patches for human approval.
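The advisory-to-install mapping and the auto-apply/queue split, as an added example that is not Clawsmith or OpenClaw code. The only data point taken from this page is that CVE-2026-35639 is fixed in v2026.4.5; the other advisory records, the feature names, the mitigation classes and the installed-version strings are constructed assumptions.

```python
"""Map advisories onto an installed OpenClaw version and feature set (added example).

Not Clawsmith or OpenClaw code. Apart from CVE-2026-35639 being fixed in
v2026.4.5 (stated on the page), every advisory record, feature name and
mitigation class below is a constructed assumption.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Advisory:
    cve: str
    cvss: float
    fixed_in: str                      # first non-vulnerable release, e.g. "v2026.4.5"
    affected_features: FrozenSet[str]  # empty set means every install is affected
    mitigation: str                    # "disable_feature" (safe, reversible) or "upgrade"


def parse_version(v: str) -> Tuple[int, ...]:
    """Calendar-style versions compare numerically per component.

    Comparing the raw strings would rank "v2026.4.10" below "v2026.4.5",
    which is exactly the kind of mistake that leaves a patched-looking host unpatched.
    """
    return tuple(int(p) for p in v.lstrip("v").split("."))


def applies(adv: Advisory, installed: str, enabled: FrozenSet[str]) -> bool:
    """True if the install is older than the fix and uses an affected feature."""
    if parse_version(installed) >= parse_version(adv.fixed_in):
        return False
    return not adv.affected_features or bool(adv.affected_features & enabled)


def triage(advisories: List[Advisory], installed: str,
           enabled: FrozenSet[str]) -> Tuple[List[str], List[str]]:
    """Split the live advisories into (auto-apply, queued-for-approval), worst first."""
    live = sorted((a for a in advisories if applies(a, installed, enabled)),
                  key=lambda a: -a.cvss)
    auto = [a.cve for a in live if a.mitigation == "disable_feature"]
    queued = [a.cve for a in live if a.mitigation == "upgrade"]
    return auto, queued


# Constructed advisory feed. The "disable_feature" mitigation for CVE-2026-35639
# is an assumption for the example, not a documented OpenClaw mitigation.
ADVISORIES = [
    Advisory("CVE-2026-35639", 8.7, "v2026.4.5", frozenset({"device.pair"}), "disable_feature"),
    Advisory("ADV-0001", 9.9, "v2026.3.9", frozenset({"device.token.rotate"}), "upgrade"),
    Advisory("ADV-0002", 5.3, "v2026.4.2", frozenset({"webhooks"}), "disable_feature"),
    Advisory("ADV-0003", 7.1, "v2026.4.9", frozenset(), "upgrade"),
]


if __name__ == "__main__":
    auto, queued = triage(ADVISORIES, "v2026.4.3", frozenset({"device.pair", "device.read"}))
    print("auto-apply:", auto)
    print("queued for approval:", queued)
```

With the installed version at v2026.4.3 and pairing enabled, the pairing advisory is live and its mitigation is auto-applied, the two already-fixed advisories drop out, and the unconditional one that needs an upgrade is queued for a human.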

Tags: security, CLI, devtool, open-source, sysadmin. Market: competitive.

Score Breakdown

Issues: 100

Frequently Asked Questions