What is the CVSS score of EUVD-2026-13966?

EUVD-2026-13966 has a CVSS 3.1 base score of 4.8 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Openclaw are affected by EUVD-2026-13966?

CVE-2026-32065 presents moderate security risk rated CVSS 4.8. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.. A patch is available.

Is there a public PoC exploit available for EUVD-2026-13966?

Yes, a public proof-of-concept exploit is available for EUVD-2026-13966. Prioritise patching immediately. EPSS: 0.0%.

Openclaw EUVD-2026-13966

| CVE-2026-32065 MEDIUM

Interpretation Conflict (CWE-436)

2026-03-21 VulnCheck

Authentication Bypass Openclaw

4.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

4.8 MEDIUM

AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

PoC Detected

Mar 24, 2026 - 21:09 vuln.today

Public exploit code

EUVD ID Assigned

Mar 21, 2026 - 01:00 euvd

EUVD-2026-13966

Analysis Generated

Mar 21, 2026 - 01:00 vuln.today

Patch released

Mar 21, 2026 - 01:00 nvd

Patch available

CVE Published

Mar 21, 2026 - 00:42 nvd

MEDIUM 4.8

DescriptionCVE.org

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to execute a different binary than what the approver displayed, allowing unexpected command execution under the OpenClaw runtime user when they can influence command argv and reuse an approval context.

AnalysisAI

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in the system.run function where the rendered command text displayed to approvers has whitespace trimmed from argv tokens, but the actual runtime execution uses the raw, untrimmed argv. An attacker with the ability to influence command arguments and reuse an approval context can craft a trailing-space executable token to execute a different binary than what was approved, resulting in arbitrary command execution under the OpenClaw runtime user. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS v3.1 vector (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N) indicates network attack vector with high complexity and low privileges required, demanding user interaction (approval action), with high integrity impact and no confidentiality or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A low-privileged authenticated user in an organization using OpenClaw crafts a command such as 'system.run /usr/bin/safe_tool ' (with a trailing space) and requests approval. The approval interface displays '/usr/bin/safe_tool' (trimmed), which appears legitimate and is approved by an administrator. …
Remediation	Upgrade OpenClaw to version 2026.2.25 or later immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-53836 HIGH This Week

8.7 Jun 12

Remote code execution in OpenClaw before 2026.5.12 allows authenticated operators to bypass the PowerShell execution all

CVE-2026-53822 HIGH This Week

8.7 Jun 12

Command injection in OpenClaw before 2026.5.18 allows authenticated attackers to modify shell wrapper argv between appro

CVE-2026-53819 HIGH This Week

8.7 Jun 11

Arbitrary code execution in OpenClaw before 2026.5.27 lets attackers hijack the Homebrew executable resolved during skil

CVE-2026-53817 HIGH This Week

8.7 Jun 11

Authentication bypass in OpenClaw before 2026.5.22 allows authenticated network attackers to spoof locality information

CVE-2026-53821 HIGH This Week

8.7 Jun 12

Privilege escalation in OpenClaw before 2026.5.18 allows WebSocket-connected Control UI clients to claim operator.admin

EUVD-2026-13966 vulnerability details – vuln.today

Back

Openclaw EUVD-2026-13966

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code