CVE-2026-32048
Published: 21 March 2026
Summary
CVE-2026-32048 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 5.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SC-39 (Process Isolation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Maintains separate execution domains for processes, directly preventing sandboxed sessions from spawning unsandboxed child processes that bypass confinement restrictions.
Implements a tamper-proof reference monitor to mediate all accesses, ensuring enforcement of sandbox inheritance during cross-agent sessions_spawn operations.
Requires timely identification and remediation of software flaws like the sandbox inheritance failure, by applying patches such as OpenClaw 2026.3.1.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables direct sandbox escape via unsandboxed child process/runtime spawning (sandbox inheritance failure), mapping to privilege escalation exploitation and container/runtime breakout.
NVD Description
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set…
more
to off, bypassing runtime confinement restrictions.
Deeper analysisAI
CVE-2026-32048, published on 2026-03-21, affects OpenClaw versions prior to 2026.3.1. The vulnerability (CWE-732) arises from a failure to enforce sandbox inheritance during cross-agent sessions_spawn operations, which allows sandboxed sessions to create child processes under unsandboxed agents. This flaw enables attackers to spawn child runtimes with sandbox.mode set to off, bypassing runtime confinement restrictions. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges (PR:L) who gains access to a sandboxed session can exploit this vulnerability over the network (AV:N), though it requires high attack complexity (AC:H) and no user interaction (UI:N). Exploitation allows the attacker to escape sandbox confinement by spawning unsandboxed child processes and runtimes, achieving high impacts on confidentiality, integrity, and availability.
Advisories recommend upgrading to OpenClaw 2026.3.1 or later to mitigate the issue by enforcing proper sandbox inheritance. Additional details are available in the GitHub security advisory (https://github.com/openclaw/openclaw/security/advisories/GHSA-p7gr-f84w-hqg5) and the VulnCheck advisory (https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-cross-agent-sessions-spawn).
Details
- CWE(s)