CVE-2026-32916 - Vulnerability Analysis
CriticalCVSS: 9.4Last Updated: March 31, 2026
OpenClaw - Authorization Bypass
Overview
OpenClaw 2026.3.7 < 2026.3.11 contains an authorization bypass caused by plugin subagent routes executing gateway methods through a synthetic operator client, letting remote unauthenticated attackers perform privileged gateway actions.
Severity & Score
Impact
Remote attackers can perform privileged gateway actions including session deletion and agent execution, leading to full administrative control.
Mitigation
Upgrade to version 2026.3.11 or later.
References
Social Media Activity(2 posts)
š CVE-2026-32916 - High (7.7) OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to... š https://www.thehackerwire.com/vulnerability/CVE-2026-32916/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-32916 - High (7.7) OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to... š https://www.thehackerwire.com/vulnerability/CVE-2026-32916/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32916
- Severity
- Critical
- CVSS Score
- 9.4
- Type
- broken_access_control
- Status
- new
- EPSS
- 6.6%
- Social Posts
- 2
CWE
- CWE-266
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L