
CVE-2026-32051: OpenClaw Authorization Mismatch Lets Operators Invoke Owner-Only Tools

Source: TheHackerWire
Tags: security, CVE, authorization, CVSS-8.8, vulnerability, scoped-tokens, enterprise-security, gateway

What Happened

CVE-2026-32051, published March 21, is a high-severity (CVSS 8.8) authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1. The flaw allows authenticated callers possessing operator.write scope to invoke owner-only tool surfaces — including gateway and cron management — through agent runs in scoped-token deployments.

In practical terms, this means that in multi-user or multi-tenant OpenClaw deployments where scoped tokens are used to limit operator privileges, an operator-level user could escalate their permissions to execute gateway configuration changes, scheduled task manipulation, and other actions intended to be restricted to the instance owner. The attack vector operates through agent runs, meaning the escalation occurs indirectly through agent task execution rather than direct API calls — making it harder to detect with simple access logging.

This CVE was disclosed alongside CVE-2026-32048, which addresses a related issue where sandboxed sessions could create child processes under unsandboxed agents during cross-agent sessions_spawn operations, and CVE-2026-32013, a symlink traversal vulnerability allowing file access outside the agent workspace.

Why It Matters

This vulnerability is particularly significant for enterprise and team deployments of OpenClaw where scoped tokens are the primary authorization mechanism. The CVSS 8.8 score reflects the combination of low attack complexity, no user interaction required, and the ability to affect confidentiality, integrity, and availability of the instance.

The indirect escalation path through agent runs — rather than direct API calls — is a pattern unique to agentic systems and highlights a class of authorization bugs that traditional API security testing may miss. Security teams auditing OpenClaw deployments need to model agent-mediated privilege escalation, not just direct API access patterns.

Combined with CVE-2026-32913 (CVSS 9.3, cross-origin header leak) from the same week, March 2026 has produced four critical-to-high CVEs in OpenClaw in under 30 days. While each has been patched promptly, the velocity of critical discoveries is creating a security narrative that enterprise procurement teams will weigh against the platform's productivity benefits.

What's Next

All deployments using scoped tokens should upgrade to v2026.3.1 or later immediately. Enterprise operators should audit their token scoping configurations and review agent run logs for any evidence of operator-level tokens executing owner-restricted actions prior to the patch.
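The bug class described above, and the log review recommended here, as an added example that is not OpenClaw's code: the tool names, the scope names beyond operator.write, the log record format and the modelled mismatch (an agent run being checked against the agent's own privileges rather than the originating token's) are all assumptions for illustration, not the disclosed root cause.

```python
import json

# Tool namespaces the page describes as owner-only (gateway and cron management).
# The concrete tool names below are assumed, not OpenClaw's real identifiers.
OWNER_ONLY_PREFIXES = ("gateway.", "cron.")

def required_scope(tool: str) -> str:
    """Scope the originating token must hold to invoke this tool."""
    return "owner" if tool.startswith(OWNER_ONLY_PREFIXES) else "operator.write"

def authorize_mismatched(caller_scopes, agent_scopes, tool, via):
    """Models the bug class: a tool called from inside an agent run is checked
    against the agent's privileges, so the caller's scope never gets consulted."""
    effective = agent_scopes if via == "agent_run" else caller_scopes
    return required_scope(tool) in effective

def authorize(caller_scopes, tool):
    """Hardened check: the originating token's scope is what counts, whether the
    tool is called directly or from inside an agent run."""
    return required_scope(tool) in caller_scopes

def find_escalations(log_lines):
    """Audit agent-run records and flag owner-only tool calls made with a token
    that lacked the owner scope. Record format is constructed for this example."""
    hits = []
    for line in log_lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        scopes = set(rec.get("token_scopes", []))
        if rec["via"] == "agent_run" and not authorize(scopes, rec["tool"]):
            hits.append((rec["run_id"], rec["tool"], sorted(scopes)))
    return hits

# Constructed sample records; r2 and r4 are the pattern the page tells operators
# to look for: operator-level tokens reaching gateway/cron tools via agent runs.
SAMPLE_LOG = """
{"run_id": "r1", "via": "agent_run", "token_scopes": ["operator.write"], "tool": "files.read"}
{"run_id": "r2", "via": "agent_run", "token_scopes": ["operator.write"], "tool": "gateway.config.set"}
{"run_id": "r3", "via": "direct", "token_scopes": ["owner"], "tool": "cron.schedule"}
{"run_id": "r4", "via": "agent_run", "token_scopes": ["operator.write"], "tool": "cron.schedule"}
""".splitlines()

if __name__ == "__main__":
    for run_id, tool, scopes in find_escalations(SAMPLE_LOG):
        print(f"run {run_id}: {tool} invoked with scopes {scopes}")
```

Pre-patch agent run logs can be fed to find_escalations() one JSON record per line once mapped into the fields shown; any hit is a run that should be reviewed for what the tool call actually changed.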
