CVE-2026-32979
Received Received - Intake
Approval Integrity Vulnerability in OpenClaw Enables Remote Code Execution

Publication date: 2026-03-29

Last updated on: 2026-03-30

Assigner: VulnCheck

Description
OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-29
Last Modified
2026-03-30
Generated
2026-06-16
AI Q&A
2026-03-29
EPSS Evaluated
2026-06-14
NVD
CVE-2026-32979
EUVD
EUVD-2026-17018
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32979 is a vulnerability in OpenClaw versions before 2026.3.11 that involves an approval integrity flaw. It occurs because the system's approval mechanism can be bypassed when OpenClaw fails to bind exactly one concrete local file during the approval process for interpreter and runtime commands.

This flaw creates a Time-of-Check to Time-of-Use (TOCTOU) race condition, where an attacker can modify a local script after it has been approved but before it is executed. As a result, the OpenClaw runtime executes the altered, potentially malicious code under its user privileges instead of the originally approved script.

Compliance Impact

The vulnerability allows remote attackers to execute unintended local code by modifying approved scripts before execution, leading to potential unauthorized code execution under the OpenClaw runtime user.

Such unauthorized code execution could lead to breaches of confidentiality, integrity, and availability of data processed by OpenClaw, which may impact compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data and system integrity.

However, the provided information does not explicitly discuss the direct impact on compliance with these standards or regulations.

Impact Analysis

This vulnerability can lead to unintended local code execution under the OpenClaw runtime user. An attacker with local access and low privileges can exploit the race condition to replace approved scripts with malicious ones before execution.

The impact includes high confidentiality, integrity, and availability risks because the attacker can execute arbitrary code, potentially compromising the system, altering data, or disrupting services.

Mitigation Strategies

To mitigate this vulnerability, users are advised to upgrade OpenClaw to version 2026.3.11 or later.

The fix enforces a fail-closed policy requiring approval-backed interpreter and runtime commands to bind exactly one concrete local file operand, preventing the approval integrity bypass.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32979. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart