CVE-2026-32058
Approval Context-Binding Weakness in OpenClaw Enables Execution Bypass
Publication date: 2026-03-21
Last updated on: 2026-03-24
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | up to (excluding) 2026.2.26 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can allow an attacker with low privileges and user interaction to bypass execution-integrity controls by reusing approved requests with modified environment variables.
As a result, unauthorized or unexpected command executions may occur within approval-enabled workflows, potentially impacting the integrity of the system.
The impact on confidentiality, integrity, and availability is low but still significant in contexts relying on strict execution approvals.
Exploitation complexity is low but requires access to an approval ID and user interaction.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2026-32058 involves identifying usage of the OpenClaw package versions prior to 2026.2.26 that use system.run with host=node and approval-enabled workflows.
Specifically, you should check if your system is running OpenClaw versions ≤ 2026.2.25 and if the system.run approval mechanism is used with exec approvals enabled.
Since the vulnerability involves reuse of approval IDs with modified environment variables, monitoring for unusual reuse of approval IDs or changes in environment variables in approval requests could indicate exploitation attempts.
No explicit detection commands are provided in the available resources.
Can you explain this vulnerability to me?
CVE-2026-32058 is a vulnerability in OpenClaw versions prior to 2026.2.26 that involves an approval context-binding weakness in the system.run execution flow when using host=node.
This weakness allows attackers who have access to an approval ID to reuse previously approved requests but with modified environment variables. Because the approval mechanism did not strictly bind approvals to specific execution contexts, attackers can bypass execution-integrity controls in workflows that require approval.
The core issue was that the approval matching lacked a strict, versioned binding to command arguments, working directory, session context, and environment hash, allowing reuse of approvals with altered environment inputs.
The vulnerability is configuration-dependent and affects the integrity of execution approvals in node-host workflows.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.2.26 or later, where the vulnerability has been fixed by enforcing strict, versioned approval bindings for system.run executions with host=node.
The fix includes requiring a versioned binding, called systemRunBindingV1, that binds approvals to command arguments, current working directory, session context, and environment hash, preventing reuse of approvals with modified environment variables.
Additionally, ensure that exec approvals are properly configured and that legacy non-versioned fallback matching is disabled or removed.
Blocking or monitoring environment variables such as GIT_EXTERNAL_DIFF, which is explicitly blocked in the patched version, can also help reduce risk.
Review and harden sandbox and filesystem boundary policies as per the updated security policy in the patched version.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know