PT-2026-29229 · Openclaw · Openclaw

Tdjackey · Published 2026-03-12 · Updated 2026-03-31 · CVE-2026-32921

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.8

Description
The software contains an approval bypass in the system.run function: mutable script operands are not properly bound between the approval and execution stages. An attacker can obtain approval for a script execution, alter the approved script file before it runs, and have the modified content executed while it still appears to be the originally approved command.

Recommendations
Update to version 2026.3.8 or later.
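
The binding failure described above, shown as an added Python example that is not OpenClaw code and not its actual fix. The functions approve, run_path_only and run_bound are hypothetical stand-ins for an approval flow, and the script written in demo is a constructed sample; the approval record stores a SHA-256 digest of the script operand and the bound path executes only the bytes it verified.

```python
import hashlib
import pathlib
import subprocess
import sys
import tempfile


class ApprovalError(Exception):
    """The script operand no longer matches what was approved."""


def approve(argv):
    # Approval step: record the command line AND a digest of the script bytes.
    digest = hashlib.sha256(pathlib.Path(argv[1]).read_bytes()).hexdigest()
    return {"argv": tuple(argv), "sha256": digest}


def run_path_only(approval):
    # Unbound pattern: only argv was approved; the interpreter re-opens the
    # path at run time, so it runs whatever the file contains by then.
    out = subprocess.run(list(approval["argv"]), capture_output=True, text=True)
    return out.stdout.strip()


def run_bound(approval):
    # Bound pattern: read once, verify, then execute exactly the verified
    # bytes (fed on stdin) so the path is never re-opened after the check.
    data = pathlib.Path(approval["argv"][1]).read_bytes()
    if hashlib.sha256(data).hexdigest() != approval["sha256"]:
        raise ApprovalError("script operand changed after approval")
    out = subprocess.run([approval["argv"][0], "-"], input=data, capture_output=True)
    return out.stdout.decode().strip()


def demo():
    # Constructed sample: a harmless script that is rewritten after approval.
    with tempfile.TemporaryDirectory() as d:
        script = pathlib.Path(d, "task.py")
        script.write_text('print("approved content")\n')
        approval = approve([sys.executable, str(script)])
        ok = run_bound(approval)           # unchanged file: runs as approved
        script.write_text('print("different content")\n')
        unbound = run_path_only(approval)  # same argv, different content runs
        try:
            run_bound(approval)
            blocked = False
        except ApprovalError:
            blocked = True
        return ok, unbound, blocked
```

The digest comparison alone is not enough if the interpreter is then pointed back at the path; the check and the use must operate on the same bytes.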

Fix

Improper Authorization

Time Of Check To Time Of Use


Weakness Enumeration

Related identifiers

CVE-2026-32921
GHSA-8G75-Q649-6PV6
GHSA-WWRJ-437C-PPQ4

Affected products

Openclaw