PT-2026-28446 · Openclaw · Openclaw

Tdjackey · Published 2026-03-29 · Updated 2026-03-29 · CVE-2026-32914

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.12

Description
OpenClaw before version 2026.3.12 has an insufficient access control issue in the /config and /debug command handlers. Command-authorized non-owners can access owner-only surfaces, allowing them to read or modify privileged configuration settings. The issue stems from missing owner-level permission checks within these handlers. Exploitation requires existing command authorization, and does not require a specific network position. The /config and /debug API endpoints are affected. The vulnerable parameters are not specified.

Recommendations
Update OpenClaw to version 2026.3.12 or later.
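
The missing owner-level check described above, modelled as an added example (not OpenClaw source code, and not taken from the fix): a dispatcher that applies only the command-level gate next to one that also enforces owner status for /config and /debug, plus a regression check that lists owner-only commands a non-owner can still reach. All function names, sender fields and settings are hypothetical.

```javascript
// Added illustration: hypothetical dispatcher, not OpenClaw source code.
const OWNER_ONLY = new Set(["/config", "/debug"]); // owner-only surfaces named in the advisory

// Constructed sample senders (assumed fields: commandAuthorized, isOwner).
const senders = {
  alice: { commandAuthorized: true, isOwner: true },
  bob: { commandAuthorized: true, isOwner: false },
  eve: { commandAuthorized: false, isOwner: false },
};

const settings = { model: "default", verbose: false }; // constructed privileged state

const handlers = {
  "/status": () => "ok",
  // "/config" with no args reads settings; "/config key value" writes a known key.
  "/config": ([key, value]) => {
    if (Object.prototype.hasOwnProperty.call(settings, key)) settings[key] = value;
    return { ...settings };
  },
  "/debug": () => ({ verbose: settings.verbose }),
};

const deny = (reason) => ({ allowed: false, reason });

// Flawed pattern from the description: only the command-level gate is applied.
function dispatchFlawed(sender, command, args = []) {
  if (!handlers[command]) return deny("unknown command");
  if (!sender.commandAuthorized) return deny("not command-authorized");
  return { allowed: true, result: handlers[command](args) };
}

// Corrected pattern: owner-only commands also require owner status, checked
// centrally before any handler runs.
function dispatchFixed(sender, command, args = []) {
  if (!handlers[command]) return deny("unknown command");
  if (!sender.commandAuthorized) return deny("not command-authorized");
  if (OWNER_ONLY.has(command) && !sender.isOwner) return deny("owner only");
  return { allowed: true, result: handlers[command](args) };
}

// Regression check: owner-only commands that a given sender can still reach.
function ownerOnlyLeaks(dispatch, sender) {
  return [...OWNER_ONLY].filter((cmd) => dispatch(sender, cmd).allowed);
}

console.log("flawed:", ownerOnlyLeaks(dispatchFlawed, senders.bob));
console.log("fixed: ", ownerOnlyLeaks(dispatchFixed, senders.bob));
```

Running a check like `ownerOnlyLeaks` in CI for every owner-only command catches a handler that is added later without the owner gate.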

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-32914

Affected Products

Openclaw