CVE-2026-32915 in OpenClaw
Сводка (Английский)
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests.
Ответственный
VulnCheck
Резервировать
16.03.2026
Раскрытие
29.03.2026
Записи
| Опубликовано | База | Темп | Уязвимость | CWE | Прод | Экс | Кон | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 29.03.2026 | 7.1 | 6.9 | OpenClaw эскалация привилегий | 863 | Artificial Intelligence Software | Не определено | Официальное исправление | 0.00000 | 3.29+ | CVE-2026-32915 |