CVE-2026-32921

Published: Mar 31, 2026 Last Modified: Mar 31, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 6,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: low

Description

AI Translation Available

OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content while maintaining the same approved command shape.

367

Time-of-check Time-of-use (TOCTOU) Race Condition

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Other Non-Repudiation

Potential Impacts:

Alter Execution Logic Unexpected State Modify Application Data Modify Files Or Directories Modify Memory Other Hide Activities

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

https://github.com/openclaw/openclaw/commit/c76d29208bf6a7f…

https://github.com/openclaw/openclaw/commit/c76d29208bf6a7f058d2cf582519d28069e…

https://github.com/openclaw/openclaw/commit/cf3a479bd1204f6…

https://github.com/openclaw/openclaw/commit/cf3a479bd1204f62eef7dd82b4aa328749a…

https://github.com/openclaw/openclaw/security/advisories/GH…

https://github.com/openclaw/openclaw/security/advisories/GHSA-8g75-q649-6pv6

https://www.vulncheck.com/advisories/openclaw-script-conten…

https://www.vulncheck.com/advisories/openclaw-script-content-modification-via-m…