Compliance Impact

The vulnerability allows authenticated operators to bypass workspace boundaries and execute arbitrary file and execution operations from any accessible directory, leading to unauthorized access and potential exposure of sensitive data.

Such unauthorized access and potential data exposure could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on data confidentiality, integrity, and access.

Because the vulnerability enables high confidentiality, integrity, and availability risks, organizations using affected versions of OpenClaw may face challenges in meeting regulatory requirements for protecting sensitive information.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves the gateway agent RPC interface in OpenClaw versions prior to 2026.3.11, where an authenticated operator with operator.write permission can supply manipulated parameters to bypass workspace boundaries.

To detect exploitation attempts or presence of this vulnerability on your system, you should monitor RPC calls to the gateway agent for suspicious usage of the parameters `spawnedBy` and `workspaceDir` that deviate from expected values.

Since the vulnerability requires authenticated operator access, auditing logs for operator.write actions and unusual workspace boundary overrides can help identify potential exploitation.

Specific commands are not provided in the available resources, but general detection steps include:

• Review gateway agent RPC logs for calls containing unexpected or attacker-controlled `spawnedBy` and `workspaceDir` parameter values.
• Audit operator activity logs for unauthorized or unusual file and execution operations outside the configured workspace boundaries.
• Use network monitoring tools to detect anomalous RPC traffic patterns targeting the gateway agent.

Upgrading OpenClaw to version 2026.3.11 or later is the recommended mitigation to prevent this vulnerability.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-33573 is a high-severity authorization bypass vulnerability in OpenClaw versions before 2026.3.11. It exists in the gateway agent's RPC interface, where authenticated operators with operator.write permission can supply attacker-controlled values for the parameters spawnedBy and workspaceDir.

This manipulation allows these operators to bypass the intended workspace boundary restrictions, enabling them to escape the configured workspace confines.

As a result, attackers can perform arbitrary file and execution operations from any directory accessible by the process, potentially leading to unauthorized resource access and execution.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows a remote authenticated operator with operator.write privileges to escape the configured workspace boundary and execute arbitrary file and execution operations from any directory accessible by the process.

• Unauthorized access to files and resources outside the intended workspace.
• Potential execution of arbitrary commands or code from unauthorized directories.
• Significant risks to confidentiality, integrity, and availability of the system.
• Possible disruption of component availability or unauthorized modification of data.

Useful 0 Not Useful 0

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to upgrade OpenClaw to version 2026.3.11 or later.

The patch enforces the configured workspace boundary for agent runs regardless of any caller-supplied overrides, preventing unauthorized workspace boundary bypass.

Useful 0 Not Useful 0