CVE-2026-32979 | THREATINT

Description

OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.

PUBLISHED Reserved 2026-03-17 | Published 2026-03-29 | Updated 2026-03-30 | Assigner VulnCheck

HIGH: 7.0CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

Time-of-check Time-of-use (TOCTOU) Race Condition

Product status

Default status

unaffected

Any version before 2026.3.11

affected

2026.3.11 (semver)

unaffected

Credits

tdjackey reporter

References

github.com/...enclaw/security/advisories/GHSA-xf99-j42q-5w5p (GitHub Security Advisory (GHSA-xf99-j42q-5w5p)) third-party-advisory

www.vulncheck.com/...e-commands-bypass-in-node-host-approval (VulnCheck Advisory: OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval) third-party-advisory

cve.org (CVE-2026-32979)

nvd.nist.gov (CVE-2026-32979)

Download JSON