CVE-2026-33573 in OpenClawinformación

Resumen (Inglés)

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory.

Responsable

VulnCheck

Reservar

2026-03-23

Divulgación

2026-03-29

Voces

Fecha de publicación	Base	Temp	Vulnerabilidad	CWE	Prod	Exp	Con	EPSS	CTI	CVE
2026-03-29	7.6	7.4	OpenClaw divulgación de información	668	Artificial Intelligence Software	No está definido	Arreglo oficial	0.00000	4.26	CVE-2026-33573

Mostrar más

Descripción
Cambios
Inteligencia de amenazas
API/JSON

◂ AnteriorVisión De ConjuntoPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!