Skip to main content

OpenClaw CVE-2026-32906

| EUVDEUVD-2026-33333 LOW
Incorrect Authorization (CWE-863)
2026-05-29 disclosure@vulncheck.com GHSA-6c56-hgvp-5v87
2.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.3 LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
May 29, 2026 - 17:02 EUVD
Analysis Generated
May 29, 2026 - 16:53 vuln.today

DescriptionCVE.org

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin actions outside operator configuration.

AnalysisAI

Privilege escalation in OpenClaw's Slack plugin approval workflow allows authenticated users holding limited exec permissions to bypass operator-configured approval splits by resolving plugin approvals through the exec approver gate - approving actions outside their intended authorization boundary. All OpenClaw versions before 2026.5.12 are affected when the Slack plugin is deployed with approval split configurations. No public exploit code has been identified and this vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 2.3 accurately reflects its narrow real-world impact, constrained by prerequisites and a low impact ceiling.

Technical ContextAI

OpenClaw implements a multi-party authorization model for Slack plugin actions using configurable 'approval splits' - operator-defined gates that distribute resolution authority among distinct roles to enforce separation of duties. The exec approver gate is one such gate, intended for a specific tier of approval authority. CWE-863 (Incorrect Authorization) describes the root cause: the system incorrectly evaluates whether an exec-authorized user holds sufficient rights to resolve approvals through that gate, failing to enforce the operator-intended split. The CVSS 4.0 AT:P (Attack Requirements: Present) metric directly encodes that the vulnerability is only reachable under a specific deployment configuration - Slack plugin active with approval splits configured. No CPE strings were provided in the available intelligence; affected scope is derived from the vendor advisory and description alone.

RemediationAI

Upgrade to OpenClaw 2026.5.12 or later, which resolves the incorrect authorization in the exec approver gate per the vendor advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-wv26-j37q-2g7p. For deployments that cannot immediately upgrade, restrict exec approval permissions to only fully trusted personnel, which eliminates the risk surface by ensuring no potentially malicious insider holds exec-level authorization. Operators should also audit existing Slack plugin approval split configurations to verify that sensitive plugin actions require approval from roles beyond the exec gate alone - adding a secondary, independent approval role as a workaround trade-off (increased approval friction in exchange for authorization boundary enforcement). Note that disabling the Slack plugin entirely removes the attack surface without affecting non-Slack functionality.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-32906 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy