CVE-2026-32915
Published: 29 March 2026
Summary
CVE-2026-32915 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces authorization checks on subagent control requests to prevent low-privilege leaf workers from accessing parent requester scope.
Implements a tamper-proof reference monitor to mediate all accesses to the subagents control surface, ensuring enforcement of sandbox boundaries.
Maintains process isolation between sandboxed leaf subagents and siblings to block unauthorized control surface interactions and scope resolution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Sandbox boundary bypass via improper authorization (CWE-863) on subagent control requests directly enables a low-privileged local process to obtain broader execution scope and affect sibling runs, matching exploitation for privilege escalation.
NVD Description
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling…
more
runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests.
Deeper analysisAI
CVE-2026-32915 is a sandbox boundary bypass vulnerability affecting OpenClaw versions before 2026.3.11. The issue arises from insufficient authorization checks on subagent control requests (CWE-863), which allow leaf subagents to access the subagents control surface and resolve requests against the parent requester scope instead of their own session tree.
A local attacker with low privileges can exploit this vulnerability without user interaction and with low attack complexity. Exploitation enables a low-privilege sandboxed leaf worker to steer or kill sibling runs and cause execution with broader tool policies, leading to high impacts on confidentiality, integrity, and availability due to the changed scope. The CVSS v3.1 base score is 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Advisories recommend updating to OpenClaw 2026.3.11 or later to address the vulnerability. Relevant references include the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-subagent-control-surface.
Details
- CWE(s)