CVE-2026-32302
Published: 13 March 2026
Summary
CVE-2026-32302 is a high-severity Origin Validation Error (CWE-346) vulnerability in OpenClaw. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 5.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of WebSocket origin inputs to prevent bypass of authentication checks via proxy headers from untrusted sources.
Mandates enforcement of access authorizations that independently validate connection origins beyond proxy-provided credentials to block privileged session establishment.
Enforces flow control policies to restrict information flows from untrusted origins through trusted proxies, preventing inheritance of authenticated identities.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The origin validation bypass in the WebSocket gateway directly enables exploitation of the exposed AI assistant application (T1190); the attack requires delivery via a malicious link through phishing or social engineering (T1566.002).
NVD Description
OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11.
Deeper analysis
CVE-2026-32302 is a vulnerability in OpenClaw, a personal AI assistant, affecting versions prior to 2026.3.11. It stems from inadequate origin validation for browser-originated WebSocket connections when the gateway.auth.mode is configured to trusted-proxy and requests include proxy headers. This allows connections from untrusted origins to bypass checks, inheriting authentication from a trusted reverse proxy and escalating to a privileged operator session. The issue is classified under CWE-346 (Origin Validation Error) with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).
An attacker can exploit this vulnerability by tricking a user into visiting a malicious webpage on an untrusted origin, for example through phishing or social engineering, since user interaction is required. The malicious page can then initiate a WebSocket connection routed through a trusted reverse proxy. If the proxy supplies authentication headers, the connection inherits that identity without a proper origin check, resulting in high confidentiality and integrity impact, including access to privileged operator functions in OpenClaw.
Mitigation is available in OpenClaw version 2026.3.11, which addresses the origin validation bypass. Security practitioners should upgrade to this release immediately. Relevant resources include the fixing commit at https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b, the release page at https://github.com/openclaw/openclaw/releases/tag/v2026.3.11, and the security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286.
As OpenClaw is a personal AI assistant, this vulnerability could expose sensitive AI-driven operations or data to unauthorized control, highlighting risks in AI system gateways with proxy-based authentication. No public evidence of real-world exploitation has been reported.
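The analysis above describes the failure mode in the abstract: a proxy-supplied identity is honoured before the browser's Origin header is ever checked. The following Node.js snippet is an added illustration written for this page, not OpenClaw's code or its fix; the header name x-forwarded-user, the config keys, the origins and the addresses are constructed assumptions. It places a weak upgrade check (proxy identity short-circuits origin validation) beside a hardened one (origin validated first for every browser-originated request, proxy identity accepted only from a configured trusted proxy peer) and runs both over the same constructed upgrade requests.

```javascript
// Added illustration (not OpenClaw's code): origin validation for WebSocket
// upgrade requests that must still hold when a trusted reverse proxy has
// already authenticated the connection. All names and values are constructed.

// Normalise a raw Origin header to scheme://host[:port]; null if unparseable
// (this also rejects the literal "null" origin, which is not a valid URL).
function normalizeOrigin(raw) {
  if (typeof raw !== "string" || raw === "") return null;
  try {
    return new URL(raw).origin;
  } catch {
    return null;
  }
}

// Shared origin check: browser-originated requests carry an Origin header,
// which must match the allowlist. Requests without one are left to other
// authentication paths (non-browser clients).
function enforceOrigin(req, config) {
  const raw = req.headers["origin"];
  if (raw === undefined) {
    return { allowed: true, reason: "no-origin-header" };
  }
  const origin = normalizeOrigin(raw);
  if (origin === null || !config.allowedOrigins.has(origin)) {
    return { allowed: false, reason: "origin-not-allowed", origin: raw };
  }
  return { allowed: true, reason: "origin-allowed", origin };
}

// Weak variant: in trusted-proxy mode a proxy identity header bypasses every
// other check, so a page on any origin that reaches the proxy inherits the
// proxy-authenticated identity, and the peer is never checked either.
function weakUpgradeCheck(req, config) {
  const user = req.headers["x-forwarded-user"]; // assumed proxy identity header
  if (config.authMode === "trusted-proxy" && user) {
    return { allowed: true, reason: "proxy-authenticated", user };
  }
  return enforceOrigin(req, config);
}

// Hardened variant: origin validation runs first and cannot be skipped; proxy
// identity is honoured only afterwards, and only when the TCP peer is one of
// the configured trusted proxies.
function hardenedUpgradeCheck(req, config) {
  const originResult = enforceOrigin(req, config);
  if (!originResult.allowed) return originResult;
  if (config.authMode !== "trusted-proxy") return originResult;
  if (!config.trustedProxies.has(req.remoteAddress)) {
    return { allowed: false, reason: "proxy-headers-from-untrusted-peer" };
  }
  const user = req.headers["x-forwarded-user"];
  if (!user) return { allowed: false, reason: "missing-proxy-identity" };
  return { allowed: true, reason: "proxy-authenticated", user };
}

// Constructed gateway configuration.
const config = {
  authMode: "trusted-proxy",
  allowedOrigins: new Set(["https://assistant.example.test"]),
  trustedProxies: new Set(["10.0.0.2"]),
};

// Constructed upgrade requests (header keys lowercased, as Node presents them).
// 1. A page on an untrusted origin reaches the gateway through the trusted
//    proxy, which has attached its identity header.
const viaProxyFromUntrustedPage = {
  remoteAddress: "10.0.0.2",
  headers: { origin: "https://untrusted.example.test", "x-forwarded-user": "operator" },
};
// 2. The legitimate page, through the same proxy.
const viaProxyFromAllowedPage = {
  remoteAddress: "10.0.0.2",
  headers: { origin: "https://assistant.example.test", "x-forwarded-user": "operator" },
};
// 3. A connection that did not come through the proxy but carries the same header.
const directWithIdentityHeader = {
  remoteAddress: "203.0.113.9",
  headers: { origin: "https://assistant.example.test", "x-forwarded-user": "operator" },
};

for (const [name, req] of Object.entries({
  viaProxyFromUntrustedPage,
  viaProxyFromAllowedPage,
  directWithIdentityHeader,
})) {
  console.log(
    name,
    "| weak:", weakUpgradeCheck(req, config).reason,
    "| hardened:", hardenedUpgradeCheck(req, config).reason,
  );
}
```

The point of the ordering in hardenedUpgradeCheck is that origin validation is not a branch that proxy-supplied headers can skip, which is the behaviour the NIST AC-3 and AC-4 mappings above ask for: the access decision validates the connection origin independently of the proxy credential, and an untrusted origin cannot inherit an authenticated identity just by flowing through a trusted proxy.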
Details
- CWE(s): CWE-346 (Origin Validation Error)
Affected Products
- OpenClaw prior to 2026.3.11
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai