PT-2026-28449 · Openclaw · Openclaw
Tdjackey · Published 2026-03-29 · Updated 2026-03-31
CVE-2026-32919
CVSS v3.1: 6.1 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.11
Description
The software contains an authorization bypass issue (incorrect authorization). An attacker holding only write-scoped access can trigger session-reset logic that is meant to be admin-only: a caller with the operator.write scope can send agent requests, including the '/new' or '/reset' commands, and thereby alter conversation state without holding the operator.admin scope.
Recommendations
Update to version 2026.3.11 or later.
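The check at the root of this class of bug, as an added illustrative example (this is not OpenClaw's own code): a gateway that admits any agent request from a caller holding operator.write also lets that caller issue /new or /reset, whereas the hardened version first resolves which scope the command in the message actually requires and only then checks it. The scope names come from the description above; the request shape, the slash-command parsing, and the assumption that operator.admin implies operator.write are assumptions made for this model.

```typescript
// Added illustrative model of the authorization check; not OpenClaw's code.
// Scope names follow the advisory; everything else is assumed for illustration.
type Scope = "operator.write" | "operator.admin";

interface AgentRequest {
  scopes: string[]; // scopes granted to the caller's credential (assumed shape)
  message: string;  // text the caller sends to the agent
}

// Slash-commands that reset or replace conversation state: admin-only.
const SESSION_RESET_COMMANDS: ReadonlySet<string> = new Set(["/new", "/reset"]);

// Returns the leading slash-command of a message (first token, lower-cased),
// or null when the message does not start with one. A command appearing
// later in the text ("hello /reset") is ordinary content, not a command.
function leadingCommand(message: string): string | null {
  const token = message.trimStart().split(/\s+/, 1)[0] ?? "";
  return token.startsWith("/") ? token.toLowerCase() : null;
}

// The scope a request must carry depends on what the request does,
// not merely on whether the caller may talk to the agent at all.
function requiredScope(message: string): Scope {
  const cmd = leadingCommand(message);
  return cmd !== null && SESSION_RESET_COMMANDS.has(cmd) ? "operator.admin" : "operator.write";
}

// Assumed hierarchy for this model: operator.admin implies operator.write.
function hasScope(req: AgentRequest, needed: Scope): boolean {
  if (req.scopes.includes("operator.admin")) return true;
  return needed === "operator.write" && req.scopes.includes("operator.write");
}

// Vulnerable pattern: one coarse check for "may send agent requests".
// A write-scoped caller passes it, so /reset reaches the session-reset logic.
function authorizeVulnerable(req: AgentRequest): boolean {
  return hasScope(req, "operator.write");
}

// Hardened pattern: resolve the scope the command requires, then check that one.
function authorizeFixed(req: AgentRequest): boolean {
  return hasScope(req, requiredScope(req.message));
}
```

The point to carry over to a real gateway is that the decision must be made server-side from the parsed request, before it reaches the agent, and that the mapping from command to required scope is data the server owns, not something the client asserts.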
Fix
Incorrect Authorization
Weakness Enumeration
Related identifiers
Affected products
Openclaw