What is the CVSS score of CVE-2026-32046?

CVE-2026-32046 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Chrome are affected by CVE-2026-32046?

CVE-2026-32046 presents moderate security risk rated CVSS 5.3. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.. A patch is available.

Is there a public PoC exploit available for CVE-2026-32046?

Yes, a public proof-of-concept exploit is available for CVE-2026-32046. Prioritise patching immediately. EPSS: 0.0%.

Chrome CVE-2026-32046

EUVD-2026-13941 MEDIUM

Initialization of a Resource with an Insecure Default (CWE-1188)

2026-03-21 VulnCheck

GHSA-q94v-v6m9-jhq9

RCE Google Chrome

5.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.3 MEDIUM

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

PoC Detected

Mar 24, 2026 - 19:12 vuln.today

Public exploit code

EUVD ID Assigned

Mar 21, 2026 - 01:00 euvd

EUVD-2026-13941

Analysis Generated

Mar 21, 2026 - 01:00 vuln.today

Patch released

Mar 21, 2026 - 01:00 nvd

Patch available

CVE Published

Mar 21, 2026 - 00:42 nvd

MEDIUM 5.3

DescriptionCVE.org

OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the Chromium browser container to achieve code execution on the host system.

AnalysisAI

OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability (CWE-1188) that allows local attackers with low privileges to execute arbitrary code on the host system by exploiting disabled OS-level sandbox protections in the Chromium browser container. The vulnerability does not require a sandbox escape, making exploitation straightforward for local users. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS 3.1 score of 5.3 (Medium severity) reflects the local attack vector (AV:L), low attack complexity (AC:L), and low privilege requirement (PR:L), indicating realistic exploitability by local users without special knowledge. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A local user on a shared OpenClaw system identifies that the Chromium renderer sandbox is disabled due to improper configuration. They craft a malicious webpage or leverage a pre-existing renderer vulnerability (e.g., a use-after-free in the V8 engine) to achieve code execution within the renderer process. …
Remediation	Upgrade OpenClaw to version 2026.2.21 or later immediately, following the vendor security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-43x4-g22p-3hrq. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-12440 CRITICAL Act Now

9.6 Jun 17

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to po

CVE-2026-12443 HIGH This Week

8.8 Jun 17

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbit

CVE-2026-12442 HIGH This Week

8.8 Jun 17

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arb

CVE-2026-12447 HIGH This Week

8.8 Jun 17

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary c

CVE-2026-12441 HIGH This Week

8.8 Jun 17

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially

CVE-2026-32046 vulnerability details – vuln.today

Back

Chrome CVE-2026-32046

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code