CVE-2026-32978 in OpenClaw
摘要 (英语)
OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.
负责
VulnCheck
预定
2026-03-17
披露
2026-03-29
条目
| 已发布 | 基础 | 临时 | 漏洞 | CWE | 产品 | 可利用 | 对策 | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 2026-03-29 | 6.5 | 6.4 | OpenClaw 权限提升 | 863 | Artificial Intelligence Software | 未定义 | 官方修复 | 0.00000 | 6.22 | CVE-2026-32978 |