CVE-2026-32915 in OpenClawinfo

Summary

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests.

Responsible

VulnCheck

Reservation

03/16/2026

Disclosure

03/29/2026

Entries

Published	Base	Temp	Vulnerability	CWE	Prod	Exp	Cou	EPSS	CTI	CVE
03/29/2026	7.1	6.9	OpenClaw authorization	863	Artificial Intelligence Software	Not defined	Official fix	0.00000	3.30	CVE-2026-32915

Show more

Description
Changes
Cyber Threat Intelligence
API/JSON

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!