New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
MEDIUM 4.2 npm

Duplicate Advisory: Bootstrap token replay could widen pending pairing scopes

GHSA-h9h6-pwqv-j9hv

Published · Modified

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-9v8j-9c9g-w66c. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.

Ready to move

Start Securing

Free, no credit card | First findings in minutes