CVE-2026-33573 - Vulnerability Analysis
Severity: High | CVSS: 8.8 | Last Updated: March 30, 2026
OpenClaw - Authorization Bypass
Overview
OpenClaw < 2026.3.11 contains an authorization bypass caused by improper validation of spawnedBy and workspaceDir values in gateway agent RPC, letting authenticated operators with operator.write permission escape workspace boundaries and execute arbitrary file and exec operations.
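The advisory attributes the bypass to trusting client-supplied spawnedBy and workspaceDir values. The following is an added example (not OpenClaw's code, and it makes no claim about OpenClaw's real RPC layer) of the check a gateway would need: spawnedBy is taken from the authenticated session rather than the request, and workspaceDir is canonicalised and confirmed to sit inside the session's workspace root, so traversal, absolute paths, same-prefix siblings and symlinks pointing outside are all refused. Field names come from the advisory; the session structure, scope names and scenario directories are constructed for the example.

```python
import os
import tempfile


def resolve_workspace_dir(allowed_root: str, requested_dir: str) -> str:
    """Return the canonical path for requested_dir if it lies inside allowed_root.

    realpath() follows symlinks, so a link inside the root that points outside
    resolves to its real target and fails the containment test. The separator
    suffix stops /tmp/workspace2 from matching a root of /tmp/workspace.
    """
    root = os.path.realpath(allowed_root)
    # os.path.join discards root if requested_dir is absolute; realpath still
    # has to land inside root for the request to be accepted.
    candidate = os.path.realpath(os.path.join(root, requested_dir))
    if candidate != root and not candidate.startswith(root + os.sep):
        raise PermissionError(f"workspaceDir escapes allowed root: {requested_dir!r}")
    return candidate


def authorize_agent_rpc(session: dict, request: dict) -> dict:
    """Build the effective RPC context from server-side session state (hypothetical model).

    Anything the client sends for spawnedBy or workspaceDir is untrusted input:
    spawnedBy is replaced by the session identity, workspaceDir is validated.
    """
    if "write" not in session.get("scopes", ()):
        raise PermissionError("operator.write scope required")
    return {
        "spawnedBy": session["operator_id"],  # never request.get("spawnedBy")
        "workspaceDir": resolve_workspace_dir(
            session["workspace_root"], request.get("workspaceDir", ".")
        ),
    }


def _denied(session: dict, request: dict) -> bool:
    try:
        authorize_agent_rpc(session, request)
    except PermissionError:
        return True
    return False


def run_demo() -> dict:
    """Constructed scenario: a workspace root with a legitimate subdirectory,
    a directory outside the root, and a symlink inside the root pointing outside."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "workspace")
        outside = os.path.join(tmp, "outside")
        os.makedirs(os.path.join(root, "project"))
        os.makedirs(outside)
        os.symlink(outside, os.path.join(root, "escape"))

        writer = {"operator_id": "op-1", "scopes": ("read", "write"), "workspace_root": root}
        reader = {"operator_id": "op-2", "scopes": ("read",), "workspace_root": root}

        ctx = authorize_agent_rpc(writer, {"spawnedBy": "admin", "workspaceDir": "project"})
        results["inside_ok"] = ctx["workspaceDir"] == os.path.realpath(os.path.join(root, "project"))
        results["spawnedby_from_session"] = ctx["spawnedBy"] == "op-1"
        results["traversal_blocked"] = _denied(writer, {"workspaceDir": "../outside"})
        results["absolute_blocked"] = _denied(writer, {"workspaceDir": outside})
        results["symlink_blocked"] = _denied(writer, {"workspaceDir": "escape"})
        results["prefix_sibling_blocked"] = _denied(writer, {"workspaceDir": os.path.join(tmp, "workspace2")})
        results["scope_required"] = _denied(reader, {"workspaceDir": "project"})
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The containment test is done on the resolved path, not the string the client sent, which is what makes the symlink and `..` cases fall out of the same comparison.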
Severity & Score
Impact
Authenticated operators can escape workspace boundaries and execute arbitrary file and command operations, potentially compromising system integrity.
Mitigation
Update to version 2026.3.11 or later.
References
Social Media Activity (2 posts)
CVE-2026-33573 - High (8.8) OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and wo... https://www.thehackerwire.com/vulnerability/CVE-2026-33573/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Related Resources
Details
- CVE ID: CVE-2026-33573
- Severity: High
- CVSS Score: 8.8
- Type: broken_access_control
- Status: confirmed
- EPSS: 4.5%
- Social Posts: 2
CWE
- CWE-668
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H