CVE-2026-32919 in OpenClaw
Summary
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation state without holding operator.admin privileges.
Responsible
VulnCheck
Reservation
03/16/2026
Disclosure
03/29/2026
Entries
| Published | Base | Temp | Vulnerability | CWE | Prod | Exp | Cou | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 03/29/2026 | 5.2 | 5.1 | OpenClaw authorization | 863 | Artificial Intelligence Software | Not defined | Official fix | 0.00000 | 3.40- | CVE-2026-32919 |