CVE-2026-32976

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11

Description A flaw exists in OpenClaw that allows authorized users on one account to bypass authorization restrictions and modify configuration settings on other accounts, even when those accounts have configWrites set to false. This occurs through the execution of channel commands, such as /config set channels.<provider>.accounts.<id>, which are intended to modify configuration. The issue allows mutation of protected sibling-account configuration despite configWrites restrictions.

Recommendations Update to version 2026.3.11 or later.