CVE-2026-32979
Approval Integrity Vulnerability in OpenClaw Enables Remote Code Execution

Publication date: 2026-03-29

Last updated on: 2026-03-30

Assigner: VulnCheck

Description
OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.
Meta Information
Generated: 2026-05-06
AI Q&A: 2026-03-29
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor     Product     Version / Range
openclaw   openclaw    all versions before 2026.3.11 (2026.3.11 itself excluded)
CWE ID and Description
CWE-367: The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-32979 is a vulnerability in OpenClaw versions before 2026.3.11 that involves an approval integrity flaw. It occurs because the system's approval mechanism can be bypassed when OpenClaw fails to bind exactly one concrete local file during the approval process for interpreter and runtime commands.

This flaw creates a Time-of-Check to Time-of-Use (TOCTOU) race condition, where an attacker can modify a local script after it has been approved but before it is executed. As a result, the OpenClaw runtime executes the altered, potentially malicious code under its user privileges instead of the originally approved script.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows remote attackers to execute unintended local code by modifying approved scripts before execution, leading to potential unauthorized code execution under the OpenClaw runtime user.

Such unauthorized code execution could lead to breaches of confidentiality, integrity, and availability of data processed by OpenClaw, which may impact compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data and system integrity.

However, the provided information does not explicitly discuss the direct impact on compliance with these standards or regulations.


How can this vulnerability impact me?

This vulnerability can lead to unintended local code execution under the OpenClaw runtime user. An attacker with local access and low privileges can exploit the race condition to replace approved scripts with malicious ones before execution.

The impact includes high confidentiality, integrity, and availability risks because the attacker can execute arbitrary code, potentially compromising the system, altering data, or disrupting services.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, users are advised to upgrade OpenClaw to version 2026.3.11 or later.

The fix enforces a fail-closed policy requiring approval-backed interpreter and runtime commands to bind exactly one concrete local file operand, preventing the approval integrity bypass.
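The pattern the fix describes (approval bound to exactly one concrete file, refusing everything else, and the bound file re-checked on the same handle it is read from) is shown below as an added example. It is not OpenClaw's code and nothing about OpenClaw's real operand parsing is on this page; the `SCRIPT_SUFFIXES` rule, the function names and the `Approval` record are assumptions made for the illustration. It demonstrates why the fail-closed binding matters: an in-place edit and a rename-over replacement between approval and execution are both refused, and the bytes that run are the bytes that were verified.

```python
import hashlib
import os
import stat
import subprocess
import sys
import tempfile
from dataclasses import dataclass

# Hypothetical rule for which operands count as script files (assumption for
# this example; OpenClaw's real operand parsing is not described on the page).
SCRIPT_SUFFIXES = (".py", ".sh", ".js")
_OPEN_FLAGS = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)


class ApprovalError(Exception):
    """Approval could not be bound, or the bound file no longer matches it."""


@dataclass(frozen=True)
class Approval:
    argv: tuple     # the command exactly as it was approved
    path: str       # resolved path of the single bound file
    dev: int        # st_dev of that file at approval time
    ino: int        # st_ino of that file at approval time
    sha256: str     # hex digest of its content at approval time


def _read_all(fd):
    chunks = []
    while True:
        chunk = os.read(fd, 65536)
        if not chunk:
            return b"".join(chunks)
        chunks.append(chunk)


def _snapshot(path):
    """Open path (not following a final symlink) and return (stat, bytes) taken from that one fd."""
    try:
        fd = os.open(path, _OPEN_FLAGS)
    except OSError as e:
        raise ApprovalError(f"cannot open {path}: {e}") from e
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ApprovalError(f"{path} is not a regular file")
        return st, _read_all(fd)
    finally:
        os.close(fd)


def bind_script(argv):
    """Approve an interpreter command only if it names exactly one concrete local file.

    Fail closed: zero operands, several operands, or a non-regular file all
    refuse approval rather than approving something that cannot be pinned down.
    """
    operands = [a for a in argv[1:] if a.endswith(SCRIPT_SUFFIXES)]
    if len(operands) != 1:
        raise ApprovalError(f"expected exactly one script operand, got {len(operands)}")
    path = os.path.realpath(operands[0])
    st, data = _snapshot(path)
    return Approval(tuple(argv), path, st.st_dev, st.st_ino,
                    hashlib.sha256(data).hexdigest())


def load_verified(approval):
    """Re-read the bound file and return its bytes only if they are still the approved ones.

    The dev/inode pair catches a rename-over replacement; the content hash
    catches an in-place edit. Both come from the same fd and the same buffer
    that is returned, so the bytes handed on are exactly the bytes checked.
    """
    st, data = _snapshot(approval.path)
    if (st.st_dev, st.st_ino) != (approval.dev, approval.ino):
        raise ApprovalError("bound file was replaced since approval (dev/inode changed)")
    if hashlib.sha256(data).hexdigest() != approval.sha256:
        raise ApprovalError("bound file content changed since approval")
    return data


def run_approved(approval):
    """Execute the verified bytes via stdin so the on-disk path is never re-resolved at run time."""
    data = load_verified(approval)
    # python reads the program from stdin when given "-"; other interpreters
    # have their own flag for this.
    return subprocess.run([approval.argv[0], "-"], input=data, check=True)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "job.py")
        with open(script, "w") as f:
            f.write("print('running the approved script')\n")
        approval = bind_script([sys.executable, script])
        run_approved(approval)                 # verified, runs
        with open(script, "a") as f:
            f.write("print('added after approval')\n")
        try:
            run_approved(approval)             # refused: content changed
        except ApprovalError as e:
            print("refused:", e)
```

Feeding the verified buffer to the interpreter rather than re-opening the path is what actually closes the window: a check on the path followed by an exec of the path is the CWE-367 shape the CVE describes, however carefully the check is written.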

