PT-2026-28447 · Openclaw · Openclaw
Tdjackey
·
Publicado
2026-03-29
·
Atualizado
2026-03-31
·
CVE-2026-32915
CVSS v3.1
8.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.11
Description
OpenClaw before version 2026.3.11 contains a sandbox boundary bypass issue. This allows leaf subagents to access the subagents control surface and resolve against a parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can exploit insufficient authorization checks on subagent control requests to steer or kill sibling runs and cause execution with broader tool policies.
Recommendations
Update OpenClaw to version 2026.3.11 or later.
Correção
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openclaw