Cyber Resilience

CVE-2026-32302

High

Published: 13 March 2026
Modified: 24 March 2026
KEV Added: not listed
Patch: 2026.3.11
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
EPSS Score: 0.0015 (4.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-32302 is a high-severity Origin Validation Error (CWE-346) in OpenClaw (CPE vendor/product: openclaw/openclaw), a personal AI assistant. Its CVSS v3.1 base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 4.8th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).

Deeper analysis

CVE-2026-32302 is a vulnerability in OpenClaw, a personal AI assistant, affecting versions prior to 2026.3.11. It stems from inadequate origin validation for browser-originated WebSocket connections when the gateway.auth.mode is configured to trusted-proxy and requests include proxy headers. This allows connections from untrusted origins to bypass checks, inheriting authentication from a trusted reverse proxy and escalating to a privileged operator session. The issue is classified under CWE-346 (Origin Validation Error) with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).

Exploitation requires user interaction: the attacker lures a user who already holds a session with the proxy-fronted gateway (for example a signed-in operator) to a page on an attacker-controlled origin, typically via phishing or social engineering. Script on that page opens a WebSocket to the gateway's public address. The browser attaches the victim's proxy credentials (typically a session cookie) automatically, and the WebSocket handshake is not subject to CORS, so the reverse proxy authenticates the request and forwards it with its identity headers. The gateway then honours those headers without checking the Origin header, and the attacker's page ends up holding a privileged operator session, giving high confidentiality and integrity impact. This is the cross-site WebSocket hijacking pattern, with the proxy's identity assertion standing in for the session cookie.
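To make the failure mode concrete, the following is an added model of a gateway's WebSocket upgrade decision in trusted-proxy mode. It is illustrative code written for this page, not OpenClaw's source or the project's actual fix: the header names (x-forwarded-for, x-forwarded-user), the config shape and the peer-address check are assumptions. The vulnerable shape honours the proxy's identity header as soon as proxy headers are present and never reaches the Origin check; the hardened shape runs the Origin check first regardless of auth mode, and additionally only believes identity headers when the TCP peer is a configured proxy (a general trusted-proxy hygiene rule, not something the advisory describes).

```typescript
// Added illustration, not OpenClaw's source: a model of a gateway's WebSocket
// upgrade decision in trusted-proxy auth mode. Header names, the config shape
// and the peer-address check are assumptions made for this example.

type AuthMode = "trusted-proxy" | "token";

interface UpgradeRequest {
  remoteAddr: string;               // TCP peer as seen by the gateway
  headers: Record<string, string>;  // header names lower-cased
}

interface GatewayConfig {
  authMode: AuthMode;
  trustedProxies: string[];         // peers whose identity headers are believed
  allowedOrigins: string[];         // "scheme://host[:port]" values allowed to open a browser WebSocket
  identityHeader: string;           // header the proxy uses to assert the user (assumed: x-forwarded-user)
}

interface Decision {
  accepted: boolean;
  user: string | null;
  reason: string;
}

// An Origin header is "scheme://host[:port]" with no path; anything else (including "null") is rejected.
function originAllowed(origin: string | undefined, allowed: string[]): boolean {
  if (origin === undefined) return true; // no Origin header: not a browser, token auth applies instead
  const m = /^(https?):\/\/([^\/?#]+)$/i.exec(origin);
  if (m === null) return false;
  const canonical = `${(m[1] ?? "").toLowerCase()}://${(m[2] ?? "").toLowerCase()}`;
  return allowed.includes(canonical);
}

// Vulnerable shape: once proxy headers are present the identity header is honoured
// and the Origin check never runs, so any page the victim visits can connect.
function decideVulnerable(req: UpgradeRequest, cfg: GatewayConfig): Decision {
  const hasProxyHeaders = "x-forwarded-for" in req.headers;
  if (cfg.authMode === "trusted-proxy" && hasProxyHeaders) {
    const user = req.headers[cfg.identityHeader];
    if (user) return { accepted: true, user, reason: "proxy identity honoured, origin unchecked" };
  }
  if (!originAllowed(req.headers["origin"], cfg.allowedOrigins)) {
    return { accepted: false, user: null, reason: "origin rejected" };
  }
  return { accepted: false, user: null, reason: "no credentials" };
}

// Hardened shape: Origin is validated before any auth mode is consulted, and
// identity headers are only believed when the TCP peer is a configured proxy.
function decideHardened(req: UpgradeRequest, cfg: GatewayConfig): Decision {
  if (!originAllowed(req.headers["origin"], cfg.allowedOrigins)) {
    return { accepted: false, user: null, reason: "origin rejected" };
  }
  if (cfg.authMode === "trusted-proxy") {
    if (!cfg.trustedProxies.includes(req.remoteAddr)) {
      return { accepted: false, user: null, reason: "identity header from untrusted peer" };
    }
    const user = req.headers[cfg.identityHeader];
    if (user) return { accepted: true, user, reason: "proxy identity honoured, origin verified" };
  }
  return { accepted: false, user: null, reason: "no credentials" };
}

const cfg: GatewayConfig = {
  authMode: "trusted-proxy",
  trustedProxies: ["10.0.0.2"],
  allowedOrigins: ["https://assistant.internal"],
  identityHeader: "x-forwarded-user",
};

// Constructed handshakes for the example, not captured traffic.
// 1. Victim's browser on an attacker page opens a WebSocket; the proxy authenticates it.
const crossSiteViaProxy: UpgradeRequest = {
  remoteAddr: "10.0.0.2",
  headers: { host: "assistant.internal", origin: "https://evil.example", upgrade: "websocket",
             "x-forwarded-for": "203.0.113.7", "x-forwarded-user": "alice" },
};
// 2. The same user from the gateway's own UI.
const sameOriginViaProxy: UpgradeRequest = {
  remoteAddr: "10.0.0.2",
  headers: { host: "assistant.internal", origin: "https://assistant.internal", upgrade: "websocket",
             "x-forwarded-for": "203.0.113.7", "x-forwarded-user": "alice" },
};
// 3. A direct client forging the proxy's headers without passing through the proxy.
const forgedHeadersDirect: UpgradeRequest = {
  remoteAddr: "203.0.113.7",
  headers: { host: "assistant.internal", origin: "https://assistant.internal", upgrade: "websocket",
             "x-forwarded-for": "10.0.0.9", "x-forwarded-user": "alice" },
};

console.log("cross-site via proxy:", decideVulnerable(crossSiteViaProxy, cfg), decideHardened(crossSiteViaProxy, cfg));
console.log("same-origin via proxy:", decideVulnerable(sameOriginViaProxy, cfg), decideHardened(sameOriginViaProxy, cfg));
console.log("forged headers, direct:", decideVulnerable(forgedHeadersDirect, cfg), decideHardened(forgedHeadersDirect, cfg));
```

The ordering is the point: an Origin check that only runs on the path where no proxy identity was found is equivalent to no Origin check for the population that matters (authenticated browsers). Comparing the canonicalised scheme and host against an explicit allowlist also avoids the common prefix and suffix mistakes (assistant.internal.evil.example) that substring matching invites.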

A fix is available in OpenClaw 2026.3.11, which restores origin validation for these connections; operators running gateway.auth.mode = trusted-proxy should upgrade promptly. Until the upgrade is in place, the reverse proxy sees the same handshake the gateway does, so rejecting browser WebSocket upgrade requests on the gateway's path (those carrying an Origin header) whose Origin is not on an explicit allowlist is a workable compensating control at the proxy layer. Relevant resources include the fixing commit at https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b, the release page at https://github.com/openclaw/openclaw/releases/tag/v2026.3.11, and the security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286.

As OpenClaw is a personal AI assistant, this vulnerability could expose sensitive AI-driven operations or data to unauthorized control, highlighting risks in AI system gateways with proxy-based authentication. No public evidence of real-world exploitation has been reported.
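Because nothing in the advisory describes in-the-wild activity, the practical question for a defender is whether any cross-origin upgrade ever got through before the patch. The following is an added detection example written for this page, not code from OpenClaw or from any proxy vendor: it scans a reverse proxy's access log for WebSocket upgrades that completed (HTTP 101) with an identity asserted by the proxy while the page that opened them did not come from the gateway's own host. The key="value" log format and the sample lines are constructed; a real proxy must be configured to log the Origin and Upgrade request headers and the identity it passed upstream (for nginx, for example, by adding $http_origin and $http_upgrade to the log_format).

```typescript
// Added illustration, not OpenClaw's or any proxy's shipped code: hunt a reverse
// proxy access log for proxy-authenticated WebSocket upgrades opened by a page
// from a foreign origin. The key="value" format and sample lines are constructed.

interface UpgradeEvent {
  client: string;
  host: string;
  origin: string;   // "" when the request carried no Origin header
  user: string;     // identity the proxy asserted to the gateway, "" if none
  path: string;
  status: number;
}

// Parse one key="value" line; returns null unless it is a WebSocket upgrade request.
function parseLogLine(line: string): UpgradeEvent | null {
  const fields: Record<string, string> = {};
  const re = /(\w+)="([^"]*)"/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(line)) !== null) {
    const key = m[1];
    const value = m[2];
    if (key !== undefined && value !== undefined) fields[key] = value;
  }
  if ((fields["upgrade"] ?? "").toLowerCase() !== "websocket") return null;
  return {
    client: fields["client"] ?? "",
    host: fields["host"] ?? "",
    origin: fields["origin"] ?? "",
    user: fields["user"] ?? "",
    path: fields["path"] ?? "",
    status: Number(fields["status"] ?? "0"),
  };
}

// Host part of an Origin header ("scheme://host[:port]"), or null if malformed or "null".
function originHost(origin: string): string | null {
  const m = /^https?:\/\/([^\/?#]+)$/i.exec(origin);
  return m === null ? null : (m[1] ?? "").toLowerCase();
}

function isCrossOrigin(ev: UpgradeEvent): boolean {
  if (ev.origin === "") return false;  // no Origin: not a browser-originated handshake
  const h = originHost(ev.origin);
  if (h === null) return true;         // malformed or "null" Origin: treat as foreign
  return h !== ev.host.toLowerCase();
}

// Events where the proxy completed the upgrade (101) and asserted an identity
// on behalf of a page that did not come from the gateway's own host.
function findSuspectUpgrades(lines: string[]): UpgradeEvent[] {
  const out: UpgradeEvent[] = [];
  for (const line of lines) {
    const ev = parseLogLine(line);
    if (ev !== null && ev.status === 101 && ev.user !== "" && isCrossOrigin(ev)) out.push(ev);
  }
  return out;
}

// Constructed sample log, not a real capture.
const SAMPLE_LOG: string[] = [
  'ts="2026-03-14T09:12:01Z" client="198.51.100.4" host="assistant.internal" origin="https://assistant.internal" upgrade="websocket" user="alice" path="/ws" status="101"',
  'ts="2026-03-14T09:15:44Z" client="198.51.100.4" host="assistant.internal" origin="https://evil.example" upgrade="websocket" user="alice" path="/ws" status="101"',
  'ts="2026-03-14T09:16:02Z" client="10.0.0.20" host="assistant.internal" origin="" upgrade="websocket" user="" path="/ws" status="101"',
  'ts="2026-03-14T09:20:13Z" client="198.51.100.9" host="assistant.internal" origin="https://evil.example" upgrade="websocket" user="" path="/ws" status="403"',
  'ts="2026-03-14T09:21:00Z" client="198.51.100.4" host="assistant.internal" origin="https://assistant.internal" upgrade="" user="alice" path="/api/status" status="200"',
];

for (const ev of findSuspectUpgrades(SAMPLE_LOG)) {
  console.log(`suspect upgrade: client=${ev.client} origin=${ev.origin} user=${ev.user} path=${ev.path}`);
}
```

Only the second sample line is flagged: the first is the gateway's own UI, the third is a non-browser client with no Origin, the fourth was already refused by the proxy, and the fifth is not an upgrade at all. After the 2026.3.11 upgrade the same query should return nothing, which makes it a cheap regression check as well as a hunt.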

Vulnerability details

OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11.

CWE(s)

CWE-346 Origin Validation Error

AI Security Analysis (AI)

AI Category: LLM Application Platforms
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1566.002 Spearphishing Link (Initial Access): Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
Why these techniques?

The origin validation bypass in the WebSocket gateway directly enables exploitation of the exposed AI assistant application (T1190); the attack requires delivery of a malicious link through phishing or social engineering (T1566.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-41342 (same product: OpenClaw)
CVE-2026-32924 (same product: OpenClaw)
CVE-2026-43573 (same product: OpenClaw)
CVE-2026-35622 (same product: OpenClaw)
CVE-2026-28469 (same product: OpenClaw)
CVE-2026-22171 (same product: OpenClaw)
CVE-2026-30741 (same product: OpenClaw)
CVE-2026-28472 (same product: OpenClaw)
CVE-2026-41395 (same product: OpenClaw)
CVE-2026-32975 (same product: OpenClaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: < 2026.3.11 (fixed in 2026.3.11)

Mitigating Controls, NIST 800-53 r5 (AI)

prevent: Directly requires validation of WebSocket origin inputs so that proxy headers from untrusted sources cannot be used to bypass authentication checks.

prevent (AC-3, Access Enforcement): Mandates enforcement of access authorizations that independently validate connection origins beyond proxy-provided credentials, blocking privileged session establishment.

prevent (AC-4, Information Flow Enforcement): Enforces flow control policies that restrict information flows from untrusted origins through trusted proxies, preventing inheritance of authenticated identities.

References

Fixing commit: https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b
Release v2026.3.11: https://github.com/openclaw/openclaw/releases/tag/v2026.3.11
Security advisory GHSA-5wcw-8jjv-m286: https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286