CVE-2026-33573 - Vulnerability Analysis
Severity: High
CVSS: 8.8
Last Updated: March 29, 2026
OpenClaw - Authorization Bypass
Published: March 29, 2026
Updated: March 29, 2026
Remote Exploitable
Overview
OpenClaw < 2026.3.11 contains an authorization bypass caused by improper validation of spawnedBy and workspaceDir values in gateway agent RPC, letting authenticated operators with operator.write permission escape workspace boundaries and execute arbitrary file and exec operations.
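One way to enforce the workspace boundary that this advisory says was not validated, as an added example that is not OpenClaw's code: it assumes a hypothetical RPC handler that receives a spawnedBy operator id and a workspaceDir string, and keeps a table mapping each operator to its own workspace root. The check resolves the requested directory (following symlinks and normalising "..") and refuses anything that lands outside the caller's root, whether it got there by traversal, by an absolute path, or through a symlink planted inside the workspace.

```python
"""Workspace-confinement check for an agent RPC request.

Added illustration, not OpenClaw's implementation. Hypothetical model:
each operator (spawnedBy) owns exactly one workspace root, and every
file/exec request names a workspaceDir that must stay inside that root.
"""
import os
import tempfile
from pathlib import Path


class WorkspaceViolation(PermissionError):
    """Raised when a request would leave the caller's workspace."""


def resolve_workspace_dir(operator_roots: dict[str, Path],
                          spawned_by: str, workspace_dir: str) -> Path:
    """Return the real directory for the request, or raise WorkspaceViolation.

    The root is taken from the server-side table keyed by spawned_by; the
    client-supplied workspace_dir is never trusted to pick its own root.
    """
    root = operator_roots.get(spawned_by)
    if root is None:
        raise WorkspaceViolation(f"unknown operator {spawned_by!r}")
    # Canonical form of the root, so symlinked temp dirs compare correctly.
    root_real = root.resolve(strict=True)

    candidate = Path(workspace_dir)
    if not candidate.is_absolute():
        # Relative requests are interpreted under the operator's own root.
        candidate = root_real / candidate
    # resolve() follows symlinks and collapses "..", so an escape that is
    # only visible after link resolution still shows up here.
    real = candidate.resolve()
    try:
        real.relative_to(root_real)
    except ValueError:
        raise WorkspaceViolation(
            f"{workspace_dir!r} resolves to {real}, outside {root_real}") from None
    return real


def run_demo() -> dict[str, str]:
    """Build a constructed layout in a temp dir and exercise the check.

    Layout (constructed for the demo):
      <base>/ws/op1/            workspace root of operator op1
      <base>/ws/op1/escape  ->  symlink to <base>/outside
      <base>/ws/op2/            workspace root of operator op2
      <base>/outside/           a directory no operator may reach
    """
    base = Path(tempfile.mkdtemp(prefix="workspace-demo-"))
    roots = {"op1": base / "ws" / "op1", "op2": base / "ws" / "op2"}
    for r in roots.values():
        r.mkdir(parents=True)
    outside = base / "outside"
    outside.mkdir()
    os.symlink(outside, roots["op1"] / "escape")

    cases = {
        "inside": ("op1", "project"),          # ordinary subdirectory
        "traversal": ("op1", "../op2"),        # another operator's workspace
        "absolute": ("op1", str(outside)),     # absolute path elsewhere
        "symlink": ("op1", "escape"),          # link inside root pointing out
        "unknown": ("ghost", "project"),       # operator not in the table
    }
    results: dict[str, str] = {}
    op1_real = roots["op1"].resolve()
    for name, (who, wd) in cases.items():
        try:
            real = resolve_workspace_dir(roots, who, wd)
            results[name] = "allowed:" + str(real.relative_to(op1_real))
        except WorkspaceViolation:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:10s} {outcome}")
```

The essential design choice is that the root comes from server-side state keyed by the operator id, and the client-supplied directory is only ever validated against it after full resolution; checking the string for ".." or comparing unresolved paths would miss the symlink case.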
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated operators can escape workspace boundaries and execute arbitrary file and command operations, potentially compromising system integrity.
Mitigation
Update to version 2026.3.11 or later.
Details
- CVE ID: CVE-2026-33573
- Severity: High
- CVSS Score: 8.8
- Type: broken_access_control
- Status: new
CWE
- CWE-668
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H