CVE-2026-33573 in OpenClawinformation

Résumé (Anglaise)

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory.

Responsable

VulnCheck

Réserver

23/03/2026

Divulgation

29/03/2026

Entrées

Publié	Base	Temp	Vulnérabilité	CWE	Prod	Exp	Con	EPSS	CTI	CVE
29/03/2026	7.6	7.4	OpenClaw divulgation d'information	668	Artificial Intelligence Software	Non défini	Correctif officiel	0.00000	4.06+	CVE-2026-33573

Montrer plus

Description
Changements
Renseignements sur les menaces
API/JSON

◂ PrécédentAperçuSuivant ▸

Want to know what is going to be exploited?

We predict KEV entries!