CVE-2026-33575 in OpenClaw
Summary (English)
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by the /pair endpoint and the OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outside the intended one-time pairing flow.
Responsible
VulnCheck
Reserved
23.03.2026
Disclosure
29.03.2026
Entries
| Published | Base | Temp | Vulnerability | CWE | Product | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 29.03.2026 | 6.9 | 6.7 | OpenClaw pair information disclosure | 522 | Artificial Intelligence Software | Not defined | Official fix | 0.00000 | 5.61+ | CVE-2026-33575 |