What is the CVSS score of CVE-2026-32898?

CVE-2026-32898 has a CVSS 3.1 base score of 5.4 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Openclaw are affected by CVE-2026-32898?

CVE-2026-32898 presents moderate security risk rated CVSS 5.4. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.. A patch is available.

Is there a public PoC exploit available for CVE-2026-32898?

Yes, a public proof-of-concept exploit is available for CVE-2026-32898. Prioritise patching immediately. EPSS: 0.0%.

Openclaw CVE-2026-32898

EUVD-2026-13976 MEDIUM

Reliance on Untrusted Inputs in a Security Decision (CWE-807)

2026-03-21 VulnCheck

Authentication Bypass Openclaw

5.4

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.4 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

PoC Detected

Mar 24, 2026 - 21:07 vuln.today

Public exploit code

EUVD ID Assigned

Mar 21, 2026 - 01:00 euvd

EUVD-2026-13976

Analysis Generated

Mar 21, 2026 - 01:00 vuln.today

Patch released

Mar 21, 2026 - 01:00 nvd

Patch available

CVE Published

Mar 21, 2026 - 00:42 nvd

MEDIUM 5.4

DescriptionCVE.org

OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client that auto-approves tool calls based on untrusted toolCall.kind metadata and permissive name heuristics. Attackers can bypass interactive approval prompts for read-class operations by spoofing tool metadata or using non-core read-like names to reach auto-approve paths.

AnalysisAI

OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP (Approval Control Panel) client that automatically approves tool calls based on untrusted metadata and overly permissive heuristics. An authenticated attacker with PR (privileges required) can bypass interactive approval prompts for read-class operations by spoofing toolCall.kind metadata or using non-core read-like function names to reach auto-approve execution paths. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS 3.1 score of 5.4 (Medium) reflects moderate real-world risk with favorable attack conditions: the vulnerability requires low attack complexity (AC:L), network accessibility (AV:N), but mandates user privileges (PR:L), limiting opportunistic exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A low-privileged authenticated user with access to OpenClaw's ACP client crafts a malicious tool invocation with a spoofed toolCall.kind metadata field (e.g., setting kind to a value matching permissive read-heuristics) or uses a function name like read_sensitive_data that matches non-core naming patterns. Due to insufficient metadata validation, the ACP client automatically approves the operation and executes it without presenting an interactive approval prompt, allowing the attacker to read confidential data or modify system state without authorization. …
Remediation	Upgrade OpenClaw to version 2026.2.23 or later immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-53836 HIGH This Week

8.7 Jun 12

Remote code execution in OpenClaw before 2026.5.12 allows authenticated operators to bypass the PowerShell execution all

CVE-2026-53822 HIGH This Week

8.7 Jun 12

Command injection in OpenClaw before 2026.5.18 allows authenticated attackers to modify shell wrapper argv between appro

CVE-2026-53819 HIGH This Week

8.7 Jun 11

Arbitrary code execution in OpenClaw before 2026.5.27 lets attackers hijack the Homebrew executable resolved during skil

CVE-2026-53817 HIGH This Week

8.7 Jun 11

Authentication bypass in OpenClaw before 2026.5.22 allows authenticated network attackers to spoof locality information

CVE-2026-53821 HIGH This Week

8.7 Jun 12

Privilege escalation in OpenClaw before 2026.5.18 allows WebSocket-connected Control UI clients to claim operator.admin

CVE-2026-32898 vulnerability details – vuln.today

Back

Openclaw CVE-2026-32898

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code