CVE-2026-33575 in OpenClaw
요약 (영어)
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outside the intended one-time pairing flow.
책임이 있는
VulnCheck
예약하다
2026. 03. 23.
공개
2026. 03. 29.
엔트리
| 게시됨 | 기본 | 임시 | 취약성 | CWE | 제품 | 악용 | 대책 | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 2026. 03. 29. | 6.9 | 6.7 | OpenClaw pair 정보 공개 | 522 | Artificial Intelligence Software | 정의되지 않음 | 공식 수정 | 0.00000 | 7.38 | CVE-2026-33575 |