Cyber Posture

CVE-2026-32916

Critical · Public PoC

Published: 31 March 2026
Modified: 02 April 2026
KEV Added:
Patch:
CVSS Score: 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0010 (27.6th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Description

OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.

Mitigating Controls (NIST 800-53 r5) (AI-generated)

prevent: Enforces approved authorizations for access to system resources, directly preventing the authorization bypass via plugin subagent routes using synthetic operator clients with broad scopes.

prevent: Requires least privilege for processes acting on behalf of users, mitigating broad administrative scopes assigned to synthetic clients that enable privileged gateway actions.

prevent: Mandates a reference monitor mechanism to enforce access control policies, addressing the failure to mediate unauthorized calls to runtime.subagent methods through plugin routes.

Security Summary (AI-generated)

CVE-2026-32916 is an authorization bypass vulnerability (CWE-266) in OpenClaw versions 2026.3.7 before 2026.3.11. The issue arises because plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes, allowing unauthorized access to privileged functions.

Remote unauthenticated attackers can exploit this by sending requests to plugin-owned routes, which invoke runtime.subagent methods to perform privileged gateway actions, including session deletion and agent execution. The vulnerability carries a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L): network-based exploitation with low complexity, no privileges or user interaction required, high impact on confidentiality and integrity, and low impact on availability.

Advisories published on the OpenClaw GitHub security page (GHSA-xw77-45gv-p728) and VulnCheck (https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-plugin-subagent-routes-via-synthetic-admin-scopes) address the vulnerability, with mitigation achieved by upgrading to OpenClaw version 2026.3.11 or later.

Details

CWE(s): CWE-266

Affected Products

Vendor: openclaw
Product: openclaw
Versions: 2026.3.7 up to (excluding) 2026.3.11

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Authorization bypass in public-facing OpenClaw enables remote unauthenticated exploitation of the application (T1190) and directly grants administrative privileges via synthetic operator scopes (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References