PT-2026-28447 · Openclaw · Openclaw
Tdjackey · Published 2026-03-29 · Updated 2026-03-31 · CVE-2026-32915
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.11
Description
OpenClaw before version 2026.3.11 contains a sandbox boundary bypass. Leaf subagents can reach the subagent control surface, and their control requests resolve against the parent requester's scope instead of the leaf's own session tree. A low-privilege sandboxed leaf worker can exploit the insufficient authorization checks on subagent control requests to steer or kill sibling runs and cause execution under broader tool policies.
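The scope mistake the advisory describes, modelled as an added example that is not OpenClaw's code: a session tree, a weak check that resolves a control request against the requester's parent scope (so a leaf reaches its siblings), and the hardened check that limits a requester to its own subtree. Session names, the `Session` type and both `canControl*` functions are hypothetical.

```typescript
// Added example (hypothetical names, not OpenClaw's API): session-scoped
// authorization for subagent control requests such as steer or kill.
type SessionId = string;

interface Session {
  id: SessionId;
  parent: SessionId | null;
}

// Constructed session tree: root -> coordinator -> { leafA, leafB }
const SESSIONS: Record<SessionId, Session> = {
  root:        { id: "root",        parent: null },
  coordinator: { id: "coordinator", parent: "root" },
  leafA:       { id: "leafA",       parent: "coordinator" },
  leafB:       { id: "leafB",       parent: "coordinator" },
};

// True if `target` is `ancestor` itself or lies anywhere in its subtree.
function isInSubtree(target: SessionId, ancestor: SessionId): boolean {
  let cur: SessionId | null = target;
  while (cur !== null) {
    if (cur === ancestor) return true;
    cur = SESSIONS[cur]?.parent ?? null;
  }
  return false;
}

// Weak form (the bug class in the advisory): the request is authorized
// against the requester's PARENT scope, so a leaf inherits its parent's
// reach and can act on sibling runs.
function canControlWeak(requester: SessionId, target: SessionId): boolean {
  if (!(requester in SESSIONS) || !(target in SESSIONS)) return false;
  const scope = SESSIONS[requester].parent ?? requester;
  return isInSubtree(target, scope);
}

// Hardened form: a requester's authority ends at its own session subtree.
// Unknown sessions are denied rather than treated as an empty scope.
function canControlStrict(requester: SessionId, target: SessionId): boolean {
  if (!(requester in SESSIONS) || !(target in SESSIONS)) return false;
  return isInSubtree(target, requester);
}

// Decision with a reason string suitable for an audit log entry.
function authorizeControl(requester: SessionId, target: SessionId): string {
  return canControlStrict(requester, target)
    ? `allow: ${target} is within ${requester}'s session tree`
    : `deny: ${target} is outside ${requester}'s session tree`;
}
```

Under the weak check, `leafA` can kill or steer `leafB`; under the strict check, only `coordinator` or `root` can, which is the boundary the fixed version is expected to enforce.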
Recommendations
Update OpenClaw to version 2026.3.11 or later.
Fix
Incorrect Authorization
Affected Products
Openclaw