Vulnerability Report

CVE-2026-32979

Title: Remote Code Execution via Approval Integrity Bypass in OpenClaw

Arbitrary File Access

Proof Of Concept

No public PoC currently indexed for CVE-2026-32979.

CWE Category CWE-367

Published Date Mar 29, 2026

Modified Date Mar 30, 2026

Exploit Status Not Found

Score 7.0 CVSS v4.0

Exploit Probability (EPSS)

0.13%

Vulnerability Summary

CVE-2026-32979: OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.

Impacted Vendors

openclaw 1

Reference Links

https://github.com/openclaw/openclaw/security/advisories/GHSA-xf99-j42q-5w5p https://www.vulncheck.com/advisories/openclaw-unbound-interpreter-and-runtime-commands-bypass-in-node-host-approval

CVSS v4.0

Source Entity [email protected]

Severity HIGH

7.0

Attack Vector

LOCAL

Complexity

LOW

Privileges

N/A

Interaction

PASSIVE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

N/A

RAW VECTOR

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS v3.1

Source Entity [email protected]

Severity MEDIUM

6.7

Attack Vector

LOCAL

Complexity

HIGH

Privileges

N/A

Interaction

REQUIRED

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v3.1

Source Entity [email protected]

Severity HIGH

7.3

Attack Vector

LOCAL

Complexity

LOW

Privileges

N/A

Interaction

REQUIRED

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns