Vulnerability-Lookup

CVE-2026-32915 (GCVE-0-2026-32915)

Vulnerability from cvelistv5 – Published: 2026-03-29 12:44 – Updated: 2026-03-30 15:57

Title

OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface

Summary

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-863 - Incorrect Authorization

Assigner

VulnCheck

References

2 references

URL	Tags
https://github.com/openclaw/openclaw/security/adv…	third-party-advisory
https://www.vulncheck.com/advisories/openclaw-san…	third-party-advisory

Impacted products

1 product

Vendor	Product	Version
OpenClaw	OpenClaw	Affected: 0 , < 2026.3.11 (semver) Unaffected: 2026.3.11 (semver)

Date Public

2026-03-12 00:00

Credits

tdjackey

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32915",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-30T15:57:19.068489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-30T15:57:31.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/openclaw",
          "product": "OpenClaw",
          "vendor": "OpenClaw",
          "versions": [
            {
              "lessThan": "2026.3.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2026.3.11",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
                  "versionEndExcluding": "2026.3.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "tdjackey"
        }
      ],
      "datePublic": "2026-03-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-29T12:44:20.732Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GitHub Security Advisory (GHSA-4w7m-58cg-cmff)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff"
        },
        {
          "name": "VulnCheck Advisory: OpenClaw \u003c 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-subagent-control-surface"
        }
      ],
      "title": "OpenClaw \u003c 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-32915",
    "datePublished": "2026-03-29T12:44:20.732Z",
    "dateReserved": "2026-03-16T21:19:31.965Z",
    "dateUpdated": "2026-03-30T15:57:31.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-32915",
      "date": "2026-06-17",
      "epss": "0.00142",
      "percentile": "0.03839"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-32915\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-03-29T13:16:59.973\",\"lastModified\":\"2026-03-31T18:10:23.680\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"2026.3.11\",\"matchCriteriaId\":\"4B01F0B5-B0CB-462E-A546-2BA2CACD83D5\"}]}]}],\"references\":[{\"url\":\"https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-subagent-control-surface\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32915\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-30T15:57:19.068489Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-30T15:57:25.877Z\"}}], \"cna\": {\"title\": \"OpenClaw \u003c 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"tdjackey\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"OpenClaw\", \"product\": \"OpenClaw\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2026.3.11\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"2026.3.11\", \"versionType\": \"semver\"}], \"packageURL\": \"pkg:npm/openclaw\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-03-12T00:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff\", \"name\": \"GitHub Security Advisory (GHSA-4w7m-58cg-cmff)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-subagent-control-surface\", \"name\": \"VulnCheck Advisory: OpenClaw \u003c 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"Incorrect Authorization\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2026.3.11\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-03-29T12:44:20.732Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-32915\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-30T15:57:31.184Z\", \"dateReserved\": \"2026-03-16T21:19:31.965Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-03-29T12:44:20.732Z\", \"assignerShortName\": \"VulnCheck\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CNVD-2026-16679

Vulnerability from cnvd - Published: 2026-04-09

Title

OpenClaw授权问题漏洞（CNVD-2026-16679）

Description

OpenClaw是一款用于权限管理的命令行工具。 OpenClaw 2026.3.11之前版本存在安全漏洞，该漏洞源于对子代理控制请求的授权检查不足，导致叶子子代理能够访问子代理控制面，并针对父请求者作用域而非自身会话树进行解析。攻击者可利用该漏洞操控或终止同级运行任务，并通过利用更宽泛的工具策略执行代码。

Severity

中

Patch Name

OpenClaw授权问题漏洞（CNVD-2026-16679）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff

Reference

https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-subagent-control-surface

Impacted products

Name
OpenClaw OpenClaw <2026.3.11

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-32915",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-32915"
    }
  },
  "description": "OpenClaw\u662f\u4e00\u6b3e\u7528\u4e8e\u6743\u9650\u7ba1\u7406\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\n\nOpenClaw 2026.3.11\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u5b50\u4ee3\u7406\u63a7\u5236\u8bf7\u6c42\u7684\u6388\u6743\u68c0\u67e5\u4e0d\u8db3\uff0c\u5bfc\u81f4\u53f6\u5b50\u5b50\u4ee3\u7406\u80fd\u591f\u8bbf\u95ee\u5b50\u4ee3\u7406\u63a7\u5236\u9762\uff0c\u5e76\u9488\u5bf9\u7236\u8bf7\u6c42\u8005\u4f5c\u7528\u57df\u800c\u975e\u81ea\u8eab\u4f1a\u8bdd\u6811\u8fdb\u884c\u89e3\u6790\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u64cd\u63a7\u6216\u7ec8\u6b62\u540c\u7ea7\u8fd0\u884c\u4efb\u52a1\uff0c\u5e76\u901a\u8fc7\u5229\u7528\u66f4\u5bbd\u6cdb\u7684\u5de5\u5177\u7b56\u7565\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-16679",
  "openTime": "2026-04-09",
  "patchDescription": "OpenClaw\u662f\u4e00\u6b3e\u7528\u4e8e\u6743\u9650\u7ba1\u7406\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\r\n\r\nOpenClaw 2026.3.11\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u5b50\u4ee3\u7406\u63a7\u5236\u8bf7\u6c42\u7684\u6388\u6743\u68c0\u67e5\u4e0d\u8db3\uff0c\u5bfc\u81f4\u53f6\u5b50\u5b50\u4ee3\u7406\u80fd\u591f\u8bbf\u95ee\u5b50\u4ee3\u7406\u63a7\u5236\u9762\uff0c\u5e76\u9488\u5bf9\u7236\u8bf7\u6c42\u8005\u4f5c\u7528\u57df\u800c\u975e\u81ea\u8eab\u4f1a\u8bdd\u6811\u8fdb\u884c\u89e3\u6790\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u64cd\u63a7\u6216\u7ec8\u6b62\u540c\u7ea7\u8fd0\u884c\u4efb\u52a1\uff0c\u5e76\u901a\u8fc7\u5229\u7528\u66f4\u5bbd\u6cdb\u7684\u5de5\u5177\u7b56\u7565\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OpenClaw\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2026-16679\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "OpenClaw OpenClaw \u003c2026.3.11"
  },
  "referenceLink": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff\r\nhttps://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-subagent-control-surface",
  "serverity": "\u4e2d",
  "submitTime": "2026-04-08",
  "title": "OpenClaw\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2026-16679\uff09"
}

FKIE_CVE-2026-32915

Vulnerability from fkie_nvd - Published: 2026-03-29 13:16 - Updated: 2026-06-17 10:36

Severity

8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	disclosure@vulncheck.com	https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff	Vendor Advisory
	disclosure@vulncheck.com	https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-subagent-control-surface	Third Party Advisory

Impacted products

	Vendor	Product	Version
	openclaw	openclaw	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/openclaw",
          "product": "OpenClaw",
          "vendor": "OpenClaw",
          "versions": [
            {
              "lessThan": "2026.3.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2026.3.11",
              "versionType": "semver"
            }
          ]
        }
      ],
      "source": "disclosure@vulncheck.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "4B01F0B5-B0CB-462E-A546-2BA2CACD83D5",
              "versionEndExcluding": "2026.3.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests."
    },
    {
      "lang": "es",
      "value": "OpenClaw anterior a 2026.3.11 contiene una vulnerabilidad de bypass de l\u00edmite de sandbox que permite a los subagentes hoja acceder a la superficie de control de los subagentes y resolver contra el alcance del solicitante padre en lugar de su propio \u00e1rbol de sesi\u00f3n. Un trabajador hoja en sandbox con bajos privilegios puede dirigir o terminar ejecuciones hermanas y causar la ejecuci\u00f3n con pol\u00edticas de herramientas m\u00e1s amplias al explotar comprobaciones de autorizaci\u00f3n insuficientes en las solicitudes de control de subagentes."
    }
  ],
  "id": "CVE-2026-32915",
  "lastModified": "2026-06-17T10:36:33.003",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-32915",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-03-30T15:57:19.068489Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-03-29T13:16:59.973",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-subagent-control-surface"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}

GHSA-8JFX-RQJM-9JHF

Vulnerability from github – Published: 2026-03-29 15:30 – Updated: 2026-03-29 15:30

Details

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.3 (Critical)


                  
                    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-32915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-29T13:16:59Z",
    "severity": "CRITICAL"
  },
  "details": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests.",
  "id": "GHSA-8jfx-rqjm-9jhf",
  "modified": "2026-03-29T15:30:19Z",
  "published": "2026-03-29T15:30:19Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32915"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-subagent-control-surface"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

WID-SEC-W-2026-0727

Vulnerability from csaf_certbund - Published: 2026-03-15 23:00 - Updated: 2026-03-31 22:00

Summary

OpenClaw: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: OpenClaw ist ein persönlicher KI-Assistent zur Ausführung auf eigenen Geräten.

Angriff: Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um beliebigen Code auszuführen, erweiterte Berechtigungen – sogar Administratorrechte – zu erlangen, Daten zu manipulieren, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen oder andere, nicht näher spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2026-22172

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source OpenClaw <2026.3.13 Open Source / OpenClaw		<2026.3.13

CVE-2026-32914

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source OpenClaw <2026.3.13 Open Source / OpenClaw		<2026.3.13

CVE-2026-32915

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source OpenClaw <2026.3.13 Open Source / OpenClaw		<2026.3.13

CVE-2026-32917

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source OpenClaw <2026.3.13 Open Source / OpenClaw		<2026.3.13

CVE-2026-32971

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source OpenClaw <2026.3.13 Open Source / OpenClaw		<2026.3.13

CVE-2026-32972

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source OpenClaw <2026.3.13 Open Source / OpenClaw		<2026.3.13

CVE-2026-32974

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source OpenClaw <2026.3.13 Open Source / OpenClaw		<2026.3.13

CVE-2026-32980

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source OpenClaw <2026.3.13 Open Source / OpenClaw		<2026.3.13

CVE-2026-32988

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source OpenClaw <2026.3.13 Open Source / OpenClaw		<2026.3.13

CVE-2026-33572

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source OpenClaw <2026.3.13 Open Source / OpenClaw		<2026.3.13

CVE-2026-33573

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source OpenClaw <2026.3.13 Open Source / OpenClaw		<2026.3.13

References

13 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/advisories/GHSA-2rqg-gjgv-84jm	external
https://github.com/advisories/GHSA-4w7m-58cg-cmff	external
https://github.com/advisories/GHSA-g353-mgv3-8pcj	external
https://github.com/advisories/GHSA-mj4p-rc52-m843	external
https://github.com/advisories/GHSA-r7vr-gr74-94p8	external
https://github.com/advisories/GHSA-rqpp-rjj8-7wv8	external
https://github.com/advisories/GHSA-rw39-5899-8mxp	external
https://github.com/advisories/GHSA-vmhq-cqm9-6p7q	external
https://github.com/openclaw/openclaw/security/adv…	external
https://github.com/openclaw/openclaw/security/adv…	external
https://github.com/openclaw/openclaw/security/adv…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenClaw ist ein pers\u00f6nlicher KI-Assistent zur Ausf\u00fchrung auf eigenen Ger\u00e4ten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um beliebigen Code auszuf\u00fchren, erweiterte Berechtigungen \u2013 sogar Administratorrechte \u2013 zu erlangen, Daten zu manipulieren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0727 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0727.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0727 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0727"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-15",
        "url": "https://github.com/advisories/GHSA-2rqg-gjgv-84jm"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-15",
        "url": "https://github.com/advisories/GHSA-4w7m-58cg-cmff"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-15",
        "url": "https://github.com/advisories/GHSA-g353-mgv3-8pcj"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-15",
        "url": "https://github.com/advisories/GHSA-mj4p-rc52-m843"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-15",
        "url": "https://github.com/advisories/GHSA-r7vr-gr74-94p8"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-15",
        "url": "https://github.com/advisories/GHSA-rqpp-rjj8-7wv8"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-15",
        "url": "https://github.com/advisories/GHSA-rw39-5899-8mxp"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-15",
        "url": "https://github.com/advisories/GHSA-vmhq-cqm9-6p7q"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-15",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g2f6-pwvx-r275"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-15",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jq3f-vjww-8rq7"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-03-15",
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vr7j-g7jv-h5mp"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenClaw: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-31T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-01T09:59:16.780+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0727",
      "initial_release_date": "2026-03-15T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-15T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-22T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE erg\u00e4nzt"
        },
        {
          "date": "2026-03-29T22:00:00.000+00:00",
          "number": "3",
          "summary": "CVE-Nummern erg\u00e4nzt"
        },
        {
          "date": "2026-03-31T22:00:00.000+00:00",
          "number": "4",
          "summary": "CVE\u0027s erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2026.3.13",
                "product": {
                  "name": "Open Source OpenClaw \u003c2026.3.13",
                  "product_id": "T051742"
                }
              },
              {
                "category": "product_version",
                "name": "2026.3.13",
                "product": {
                  "name": "Open Source OpenClaw 2026.3.13",
                  "product_id": "T051742-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openclaw:openclaw:2026.3.13"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenClaw"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-22172",
      "product_status": {
        "known_affected": [
          "T051742"
        ]
      },
      "release_date": "2026-03-15T23:00:00.000+00:00",
      "title": "CVE-2026-22172"
    },
    {
      "cve": "CVE-2026-32914",
      "product_status": {
        "known_affected": [
          "T051742"
        ]
      },
      "release_date": "2026-03-15T23:00:00.000+00:00",
      "title": "CVE-2026-32914"
    },
    {
      "cve": "CVE-2026-32915",
      "product_status": {
        "known_affected": [
          "T051742"
        ]
      },
      "release_date": "2026-03-15T23:00:00.000+00:00",
      "title": "CVE-2026-32915"
    },
    {
      "cve": "CVE-2026-32917",
      "product_status": {
        "known_affected": [
          "T051742"
        ]
      },
      "release_date": "2026-03-15T23:00:00.000+00:00",
      "title": "CVE-2026-32917"
    },
    {
      "cve": "CVE-2026-32971",
      "product_status": {
        "known_affected": [
          "T051742"
        ]
      },
      "release_date": "2026-03-15T23:00:00.000+00:00",
      "title": "CVE-2026-32971"
    },
    {
      "cve": "CVE-2026-32972",
      "product_status": {
        "known_affected": [
          "T051742"
        ]
      },
      "release_date": "2026-03-15T23:00:00.000+00:00",
      "title": "CVE-2026-32972"
    },
    {
      "cve": "CVE-2026-32974",
      "product_status": {
        "known_affected": [
          "T051742"
        ]
      },
      "release_date": "2026-03-15T23:00:00.000+00:00",
      "title": "CVE-2026-32974"
    },
    {
      "cve": "CVE-2026-32980",
      "product_status": {
        "known_affected": [
          "T051742"
        ]
      },
      "release_date": "2026-03-15T23:00:00.000+00:00",
      "title": "CVE-2026-32980"
    },
    {
      "cve": "CVE-2026-32988",
      "product_status": {
        "known_affected": [
          "T051742"
        ]
      },
      "release_date": "2026-03-15T23:00:00.000+00:00",
      "title": "CVE-2026-32988"
    },
    {
      "cve": "CVE-2026-33572",
      "product_status": {
        "known_affected": [
          "T051742"
        ]
      },
      "release_date": "2026-03-15T23:00:00.000+00:00",
      "title": "CVE-2026-33572"
    },
    {
      "cve": "CVE-2026-33573",
      "product_status": {
        "known_affected": [
          "T051742"
        ]
      },
      "release_date": "2026-03-15T23:00:00.000+00:00",
      "title": "CVE-2026-33573"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-32915 (GCVE-0-2026-32915)

CNVD-2026-16679

FKIE_CVE-2026-32915

GHSA-8JFX-RQJM-9JHF

WID-SEC-W-2026-0727

Tags

Sightings

Nomenclature