CVE-2026-32034
Published: 19 March 2026
Summary
CVE-2026-32034 is a high-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-8 (Transmission Confidentiality and Integrity).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the authentication bypass vulnerability by requiring timely installation of the vendor patch to OpenClaw version 2026.2.21 or later.
Prevents exploitation over plaintext HTTP by enforcing cryptographic mechanisms to protect the confidentiality and integrity of Control UI communications.
Ensures secure configuration of the Control UI by disabling the allowInsecureAuth option and prohibiting exposure over unencrypted channels.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authentication bypass on publicly exposed Control UI over plaintext HTTP directly enables remote exploitation of the vulnerable application (T1190) and use of valid/leaked or intercepted credentials to obtain privileged access (T1078).
NVD Description
OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked…
more
or intercepted credentials can obtain high-privilege Control UI access by exploiting the lack of secure authentication enforcement over unencrypted HTTP connections.
Deeper analysisAI
CVE-2026-32034, published on 2026-03-19, is an authentication bypass vulnerability in OpenClaw versions prior to 2026.2.21. The flaw affects the Control UI component when the allowInsecureAuth option is explicitly enabled and the gateway is exposed over plaintext HTTP. It enables attackers to bypass device identity and pairing verification by exploiting the absence of secure authentication enforcement over unencrypted HTTP connections. The vulnerability is associated with CWE-78 and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
Attackers with leaked or intercepted credentials can exploit this issue remotely over the network with low complexity and low privileges. No user interaction is required, allowing them to obtain high-privilege access to the Control UI, which results in high impacts to integrity (I:H) and availability (A:H) without affecting confidentiality.
Advisories recommend upgrading to OpenClaw version 2026.2.21 or later to mitigate the vulnerability, as detailed in the patching commit at https://github.com/openclaw/openclaw/commit/40a292619e1f2be3a3b1db663d7494c9c2dc0abf. Further guidance is available in the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-3cvx-236h-m9fj and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-insecure-control-ui-authentication-over-plaintext-http.
Details
- CWE(s)