CVE-2026-32001 in OpenClawinformação

Sumário

de MITRE • 20/03/2026

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject unauthorized node.event calls, triggering agent.request and voice.transcript flows without proper device pairing.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

VulnCheck

Reservar

10/03/2026

Divulgação

20/03/2026

Moderação

aceite

Entrada

VDB-351862

CPE

pronto

EPSS

0.00069

KEV

não

Atividades

muito baixo

Sector

Chemical, Finance, ...

Fontes

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-32001
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-32001
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-32001/

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!