CVE-2026-32036

MEDIUM
2026-03-19 [email protected] GHSA-mwxv-35wr-4vvj
6.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Lifecycle Timeline

3
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 19, 2026 - 22:30 vuln.today
CVE Published
Mar 19, 2026 - 22:16 nvd
MEDIUM 6.5

Tags

Path Traversal

Description

OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded traversal patterns to access protected plugin channel routes when handlers normalize the incoming path, circumventing security controls.

Analysis

OpenClaw gateway plugin versions before 2026.2.26 allow remote attackers to bypass authentication by exploiting path traversal in the /api/channels endpoint through encoded dot-segment sequences. Attackers can manipulate these paths to access protected plugin routes that should be restricted, gaining unauthorized access to sensitive channel functionality. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 30 days: Identify affected systems running versions and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

33
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +32
POC: 0

Share

CVE-2026-32036 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy