CVE-2026-32972 in OpenClaw
요약 (영어)
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist attacker-controlled remote CDP endpoints to disk without holding operator.admin privileges.
책임이 있는
VulnCheck
예약하다
2026. 03. 17.
공개
2026. 03. 29.
엔트리
| 아이디 | 취약성 | CWE | 기본 | 임시 | 0day | 오늘 | 악용 | KEV | EPSS | CTI | 대책 | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354109 | OpenClaw CDP 권한 상승 | 863 | 6.2 | 6.1 | $0-$5k | $0-$5k | 정의되지 않음 | 0.00000 | 4.55- | 공식 수정 | CVE-2026-32972 |