Cyber Resilience

CVE-2026-32036

High · Public PoC

Published: 19 March 2026
Modified: 23 March 2026
KEV Added: not listed
Patch: available
CVSS Score (v4): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0043 (34.5th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-32036 is a high-severity Authentication Bypass by Alternate Name (CWE-289) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 34.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-32036 is a path traversal vulnerability in the OpenClaw gateway plugin versions prior to 2026.2.26. It enables remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Because the handlers normalize the incoming path, an attacker can craft an alternate, encoded spelling of a protected path that is not matched by the route check but resolves to a protected plugin channel route, circumventing the security control. The issue maps to CWE-289 (Authentication Bypass by Alternate Name) and CWE-22 (Path Traversal), with a CVSS v3.1 base score of 6.5 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N). It was published on 2026-03-19.

Remote attackers can exploit this vulnerability over the network without privileges or user interaction, though it demands high attack complexity. By sending crafted requests with encoded traversal patterns, they bypass authentication on protected /api/channels routes, achieving low confidentiality impact but high integrity impact, such as unauthorized modifications to plugin channels, with no availability disruption.
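The flaw class described above is an ordering problem: the authorization gate looks at one spelling of the path and the handler serves another. The following JavaScript is an added illustration written for this page, not OpenClaw's code; the protected prefix, the route shapes, the function names and the sample log lines are all constructed assumptions. It shows the flawed ordering beside the hardened one (canonicalize, then authorize on the canonical path), plus a small access-log heuristic that flags encoded or literal dot-segments for detection:

```javascript
// Added illustration, not OpenClaw's code: authorize on the canonical path.
// PROTECTED_PREFIX is an assumption; the advisory only names "/api/channels".
const PROTECTED_PREFIX = "/api/channels";

// Percent-decode once, refuse anything still encoded, then collapse "." and ".."
// segments the way a URL resolver does (RFC 3986 section 5.2.4).
// Returns null for input the gate should reject outright.
function canonicalizePath(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("%")) return null; // double-encoded or literal '%': refuse
  const out = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;   // empty or same-directory segment
    if (seg === "..") { out.pop(); continue; } // parent segment: drop the previous one
    out.push(seg);
  }
  return "/" + out.join("/");
}

function isProtected(canonPath) {
  return canonPath === PROTECTED_PREFIX || canonPath.startsWith(PROTECTED_PREFIX + "/");
}

// Flawed ordering (hypothetical, mirroring the CWE-289 pattern the advisory
// describes): the gate inspects the raw path, then the handler normalizes it,
// so an alternate spelling of a protected path is never matched by the gate.
function flawedDecision(rawPath, authenticated) {
  if (rawPath.startsWith(PROTECTED_PREFIX) && !authenticated) {
    return { status: 401, path: rawPath };
  }
  const canon = canonicalizePath(rawPath); // handler-side normalization
  if (canon === null) return { status: 400, path: null };
  return { status: 200, path: canon };
}

// Hardened ordering: canonicalize first, then decide authorization on the one
// path the handler will actually serve.
function hardenedDecision(rawPath, authenticated) {
  const canon = canonicalizePath(rawPath);
  if (canon === null) return { status: 400, path: null };
  if (isProtected(canon) && !authenticated) return { status: 401, path: canon };
  return { status: 200, path: canon };
}

// Detection heuristic for access logs: encoded or literal dot-segments in a
// request target are rare in legitimate API traffic and worth an alert.
function hasDotSegmentTraversal(rawPath) {
  const lower = rawPath.toLowerCase();
  return /%2e/.test(lower) || /%252e/.test(lower) || /(^|\/)\.\.?(\/|$)/.test(lower);
}

// Extract the request target from a combined-log-format line and test it.
function findTraversalRequests(logLines) {
  const hits = [];
  for (const line of logLines) {
    const m = line.match(/"(?:GET|POST|PUT|PATCH|DELETE)\s+(\S+)\s+HTTP\//);
    if (m && hasDotSegmentTraversal(m[1])) hits.push(m[1]);
  }
  return hits;
}

// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  '203.0.113.5 - - [19/Mar/2026:10:00:00 +0000] "GET /api/health HTTP/1.1" 200 17',
  '203.0.113.9 - - [19/Mar/2026:10:00:01 +0000] "GET /api/public/%2e%2e/channels/demo HTTP/1.1" 200 512',
  '203.0.113.7 - - [19/Mar/2026:10:00:02 +0000] "GET /api/channels/demo HTTP/1.1" 401 0',
];

// Demo: the same unauthenticated request under both orderings.
const probe = "/api/public/%2e%2e/channels/demo";
console.log("flawed:  ", flawedDecision(probe, false));   // status 200, serves /api/channels/demo
console.log("hardened:", hardenedDecision(probe, false)); // status 401
console.log("flagged: ", findTraversalRequests(SAMPLE_LOG));
```

The design point is that every route-authorization decision is made on exactly the string the handler will dispatch on. Refusing input that still contains `%` after one decode closes the double-encoding variant of the same alternate-name problem, and the log heuristic gives responders a cheap retrospective check while the plugin update is rolled out.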

Advisories recommend updating the OpenClaw gateway plugin to version 2026.2.26 or later to mitigate the issue. Patch details are in the GitHub commit at https://github.com/openclaw/openclaw/commit/258d615c45527ffda37cecd08cd268f97461bde0, with further guidance in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-mwxv-35wr-4vvj and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-encoded-dot-segment-traversal-in-api-channels.


Vulnerability details

OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded traversal patterns to access protected plugin channel routes when handlers normalize the incoming path, circumventing security controls.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a path traversal in a public-facing gateway plugin API that enables remote attackers to bypass authentication and access protected routes, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22171 · Same product: Openclaw Openclaw
CVE-2026-28453 · Same product: Openclaw Openclaw
CVE-2026-32924 · Same product: Openclaw Openclaw
CVE-2026-43573 · Same product: Openclaw Openclaw
CVE-2026-35622 · Same product: Openclaw Openclaw
CVE-2026-28469 · Same product: Openclaw Openclaw
CVE-2026-28462 · Same product: Openclaw Openclaw
CVE-2026-28472 · Same product: Openclaw Openclaw
CVE-2026-41395 · Same product: Openclaw Openclaw
CVE-2026-33581 · Same product: Openclaw Openclaw

Affected Assets

openclaw / openclaw, version ≤ 2026.2.6

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): directly prevents path traversal attacks by sanitizing and validating manipulated /api/channels paths with encoded dot-segment sequences before processing.

SI-2 Flaw Remediation (prevent): requires updating the OpenClaw gateway plugin to version 2026.2.26 or later, which patches the normalization flaw allowing authentication bypass.

Access Enforcement (prevent): ensures logical access policies are applied correctly to protected plugin channel routes, mitigating bypass via crafted alternate paths.
