Cyber Resilience

CVE-2026-32023

MediumPublic PoC

Published: 19 March 2026

Published
19 March 2026
Modified
25 March 2026
KEV Added
Patch
CVSS Score v4 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0028 19.2th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-32023 is a medium-severity Incorrect Authorization (CWE-863) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 19.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and CM-7 (Least Functionality).

Deeper analysis

CVE-2026-32023 is an approval gating bypass vulnerability (CWE-863) in OpenClaw versions prior to 2026.2.24. The issue affects the system.run allowlist mode, where nested transparent dispatch wrappers suppress shell-wrapper detection. This allows execution of commands without triggering the expected approval prompt in allowlist plus ask=on-miss configurations. The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) and was published on 2026-03-19.

An attacker with low privileges can exploit this over the network with low complexity and no user interaction. By chaining multiple dispatch wrappers, such as /usr/bin/env, the attacker can execute /bin/sh -c commands while bypassing detection and approval gating. This results in high integrity impact by circumventing authorization controls and low availability impact, with no confidentiality impact.

Mitigation is addressed in OpenClaw version 2026.2.24 and later. Relevant details include the fixing commit at https://github.com/openclaw/openclaw/commit/57c9a18180c8b14885bbd95474cbb17ff2d03f0b, the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-ccg8-46r6-9qgj, and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-approval-gating-bypass-via-dispatch-wrapper-depth-cap-mismatch-in-system-run.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode where nested transparent dispatch wrappers can suppress shell-wrapper detection. Attackers can exploit this by chaining multiple dispatch wrappers like /usr/bin/env to execute /bin/sh -c commands…

more

without triggering the expected approval prompt in allowlist plus ask=on-miss configurations.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Bypass of approval gating directly enables unauthorized /bin/sh -c execution (T1059.004); low-priv network access yielding high integrity impact maps to exploitation for privilege escalation (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-42429Same product: Openclaw Openclaw
CVE-2026-33579Same product: Openclaw Openclaw
CVE-2026-32915Same product: Openclaw Openclaw
CVE-2026-33577Same product: Openclaw Openclaw
CVE-2026-41404Same product: Openclaw Openclaw
CVE-2026-41344Same product: Openclaw Openclaw
CVE-2026-42432Same product: Openclaw Openclaw
CVE-2026-32918Same product: Openclaw Openclaw
CVE-2026-41371Same product: Openclaw Openclaw
CVE-2026-41379Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.2.24

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2026-32023 by requiring timely remediation of the specific flaw through vendor patches like OpenClaw 2026.2.24.

prevent

Requires a reference monitor for complete mediation of command executions, preventing bypasses via nested transparent dispatch wrappers in system.run allowlist mode.

prevent

Enforces least functionality by restricting to approved commands only, countering unauthorized shell executions through chained dispatch wrappers.

References