Cloud Vulnerability DB
A community-led vulnerabilities database
Wiz Agents & Workflows are here
Vulnerability DatabaseGHSA-7h7g-x2px-94hj
GHSA-7h7g-x2px-94hj:
OpenClaw (formerly Moltbot or Clawdbot) vulnerability analysis and mitigation
Summary
OpenClaw pairing setup codes generated by /pair and openclaw qr embedded the configured shared gateway token or password directly in the setup payload. Anyone who obtained that code from chat history, logs, screenshots, or copied QR payloads could recover the long-lived shared credential.
Impact
An attacker with access to a leaked setup code could reuse the shared gateway credential outside the intended one-time pairing flow.
Affected versions
openclaw <= 2026.3.11
Patch
Fixed in openclaw 2026.3.12. Setup codes now carry short-lived bootstrap tokens that are only valid for the initial device bootstrap exchange. Update to 2026.3.12 or later and rotate any previously exposed shared gateway credentials if setup codes may have leaked.
Source: NVD
Related OpenClaw (formerly Moltbot or Clawdbot) vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management