CVE-2026-32023
Published: 19 March 2026
Summary
CVE-2026-32023 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 15.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and CM-7 (Least Functionality).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2026-32023 by requiring timely remediation of the specific flaw through vendor patches like OpenClaw 2026.2.24.
Requires a reference monitor for complete mediation of command executions, preventing bypasses via nested transparent dispatch wrappers in system.run allowlist mode.
Enforces least functionality by restricting to approved commands only, countering unauthorized shell executions through chained dispatch wrappers.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Bypass of approval gating directly enables unauthorized /bin/sh -c execution (T1059.004); low-priv network access yielding high integrity impact maps to exploitation for privilege escalation (T1068).
NVD Description
OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode where nested transparent dispatch wrappers can suppress shell-wrapper detection. Attackers can exploit this by chaining multiple dispatch wrappers like /usr/bin/env to execute /bin/sh -c commands…
more
without triggering the expected approval prompt in allowlist plus ask=on-miss configurations.
Deeper analysisAI
CVE-2026-32023 is an approval gating bypass vulnerability (CWE-863) in OpenClaw versions prior to 2026.2.24. The issue affects the system.run allowlist mode, where nested transparent dispatch wrappers suppress shell-wrapper detection. This allows execution of commands without triggering the expected approval prompt in allowlist plus ask=on-miss configurations. The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) and was published on 2026-03-19.
An attacker with low privileges can exploit this over the network with low complexity and no user interaction. By chaining multiple dispatch wrappers, such as /usr/bin/env, the attacker can execute /bin/sh -c commands while bypassing detection and approval gating. This results in high integrity impact by circumventing authorization controls and low availability impact, with no confidentiality impact.
Mitigation is addressed in OpenClaw version 2026.2.24 and later. Relevant details include the fixing commit at https://github.com/openclaw/openclaw/commit/57c9a18180c8b14885bbd95474cbb17ff2d03f0b, the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-ccg8-46r6-9qgj, and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-approval-gating-bypass-via-dispatch-wrapper-depth-cap-mismatch-in-system-run.
Details
- CWE(s)