Skip to main content

Openclaw EUVDEUVD-2026-17375

| CVE-2026-32921 MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-03-31 VulnCheck GHSA-wwrj-437c-ppq4
5.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Mar 31, 2026 - 11:45 euvd
EUVD-2026-17375
Analysis Generated
Mar 31, 2026 - 11:45 vuln.today
Patch released
Mar 31, 2026 - 11:45 nvd
Patch available
CVE Published
Mar 31, 2026 - 11:17 nvd
MEDIUM 5.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 npm packages depend on openclaw (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.3.8.

DescriptionCVE.org

OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content while maintaining the same approved command shape.

AnalysisAI

OpenClaw before 2026.3.8 allows authenticated remote attackers to bypass approval controls in the system.run function by obtaining approval for a script, modifying the approved script file before execution, and executing malicious content while preserving the approved command structure. This approval-execution window vulnerability enables privilege escalation and code execution with low complexity and no user interaction required. No public exploit code or active exploitation has been confirmed at the time of analysis.

Technical ContextAI

The vulnerability stems from a race condition (CWE-367: Time-of-Check Time-of-Use) in OpenClaw's approval workflow for the system.run function. The approval mechanism checks and binds script operands at approval time, but these bindings are not retained or re-validated during the execution phase. Attackers with authenticated access can modify mutable script operands on disk between approval grant and actual execution, allowing the executor to run different code than what was approved. This affects the script approval chain-of-custody in OpenClaw's workflow automation system (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*), where system.run is likely a critical function for executing arbitrary commands or scripts as part of orchestration workflows.

RemediationAI

Upgrade OpenClaw to version 2026.3.8 or later to obtain the vendor-released patch. The upstream fix is available via GitHub commits c76d29208bf6a7f058d2cf582519d28069e42240 and cf3a479bd1204f62eef7dd82b4aa328749ae6c91, which address the mutable operand binding vulnerability by ensuring script operands are immutably bound at approval time and validated against stored bindings at execution time. Users unable to immediately upgrade should restrict write access to approved script files and enforce separation of duties between approval and execution roles. For detailed remediation guidance, consult the official security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-8g75-q649-6pv6 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-script-content-modification-via-mutable-operand-binding-in-system-run.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

EUVD-2026-17375 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy