CVE-2026-32916 in OpenClawИнформация

Сводка (Английский)

OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Ответственный

VulnCheck

Резервировать

16.03.2026

Раскрытие

31.03.2026

Статус

Подтверждённый

Записи

VulDB provides additional information and datapoints for this CVE:

ИД	Уязвимость	CWE	Экс	Кон	CVE
354376	OpenClaw эскалация привилегий	266	Не определено	Официальное исправление	CVE-2026-32916

Описание

CPE

CWE

CVSS

Эксплойты

История

Разница

Связать

Разведка угроз

API JSON

API XML

API CSV

Источники

◂ ПредыдущийОбзорДалее ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!