CVE-2026-32972
Received Received - Intake
Authorization Bypass in OpenClaw Allows Privilege Escalation

Publication date: 2026-03-29

Last updated on: 2026-03-31

Assigner: VulnCheck

Description
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist attacker-controlled remote CDP endpoints to disk without holding operator.admin privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-29
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2026-03-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32972
EUVD
EUVD-2026-17009
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows attackers with operator.write permissions to bypass authorization controls and modify browser profiles, including persisting attacker-controlled remote CDP endpoints to disk without admin privileges.

This unauthorized modification capability could lead to integrity violations and potential misuse of system configurations, which may impact compliance with standards and regulations that require strict access controls and data integrity, such as GDPR and HIPAA.

However, the provided information does not explicitly describe direct impacts on confidentiality or personal data breaches, nor does it specify compliance implications with these regulations.

Executive Summary

CVE-2026-32972 is an authorization bypass vulnerability in OpenClaw versions before 2026.3.11. It allows authenticated users who only have operator.write permissions to access administrative browser profile management routes through the browser.request function.

This flaw enables such users to create or modify browser profiles and persist attacker-controlled remote Chrome DevTools Protocol (CDP) endpoints to disk, actions that should be restricted to users with operator.admin privileges.

The root cause is an incorrect authorization check (CWE-863) that fails to properly enforce the admin boundary for browser profile creation.

Impact Analysis

This vulnerability can allow an attacker with limited operator.write privileges to escalate their capabilities by creating or modifying browser profiles and inserting attacker-controlled remote CDP endpoints.

Such unauthorized changes can compromise the integrity of the system by enabling persistent malicious configurations without requiring full admin privileges.

The impact includes a high integrity risk and a low availability risk, but no direct confidentiality impact.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade OpenClaw to version 2026.3.11 or later, where the authorization bypass issue has been fixed.

The fix ensures that browser profile creation routes correctly enforce admin-level authorization, preventing users with only operator.write permissions from accessing admin-only functions.

Additionally, review and restrict operator permissions to minimize exposure until the upgrade is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32972. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart