CVE-2026-32916
Published: 31 March 2026
Summary
CVE-2026-32916 is a critical-severity Incorrect Privilege Assignment (CWE-266) vulnerability in OpenClaw (vendor: Openclaw). Its CVSS base score is 9.4 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 27.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces approved authorizations for access to system resources, directly preventing the authorization bypass through plugin subagent routes that use synthetic operator clients with broad scopes.
- AC-6 (Least Privilege): requires least privilege for processes acting on behalf of users, mitigating the broad administrative scopes assigned to synthetic clients that enable privileged gateway actions.
- AC-25 (Reference Monitor): mandates a reference monitor mechanism that enforces access control policies, addressing the failure to mediate unauthorized calls to runtime.subagent methods through plugin routes.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authorization bypass in public-facing OpenClaw enables remote unauthenticated exploitation of the application (T1190) and directly grants administrative privileges via synthetic operator scopes (T1068).
NVD Description
OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.
Deeper analysis
CVE-2026-32916 is an authorization bypass vulnerability (CWE-266) in OpenClaw versions 2026.3.7 before 2026.3.11. The issue arises because plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes, allowing unauthorized access to privileged functions.
Remote unauthenticated attackers can exploit this by sending requests to plugin-owned routes, which invoke runtime.subagent methods to perform privileged gateway actions, including session deletion and agent execution. The vulnerability carries a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L): it is exploitable over the network with low complexity, requires no privileges or user interaction, and has a high impact on confidentiality and integrity with a low impact on availability.
Advisories published on the OpenClaw GitHub security page (GHSA-xw77-45gv-p728) and VulnCheck (https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-plugin-subagent-routes-via-synthetic-admin-scopes) address the vulnerability, with mitigation achieved by upgrading to OpenClaw version 2026.3.11 or later.
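To make the failure mode concrete, the following is an added illustrative model, not OpenClaw's code; every class, route and scope name in it is an assumption. It places a plugin route that executes gateway methods as a synthetic admin-scoped operator client (the CWE-266 pattern described above) beside a route where the gateway acts as a reference monitor over the calling subject's own scopes (AC-3/AC-25):

```python
from dataclasses import dataclass, field


class AuthorizationError(Exception):
    pass


@dataclass(frozen=True)
class OperatorClient:
    subject: str
    scopes: frozenset  # scopes the gateway will honour for this caller


# Constructed policy table: required scope per privileged runtime.subagent method.
REQUIRED_SCOPE = {
    "runtime.subagent.deleteSession": "session:delete",
    "runtime.subagent.run": "agent:execute",
}


@dataclass
class Gateway:
    sessions: dict = field(default_factory=lambda: {"s1": "alice", "s2": "bob"})
    audit: list = field(default_factory=list)

    def call(self, client: OperatorClient, method: str, arg: str) -> str:
        """Reference monitor: every privileged call is checked against the caller's scopes."""
        need = REQUIRED_SCOPE.get(method)  # unknown methods are denied by default
        if need is None or (need not in client.scopes and "admin" not in client.scopes):
            self.audit.append(("deny", client.subject, method))
            raise AuthorizationError(f"{client.subject} lacks {need} for {method}")
        self.audit.append(("allow", client.subject, method))
        if method == "runtime.subagent.deleteSession":
            self.sessions.pop(arg)
            return f"deleted {arg}"
        return f"ran agent {arg}"


# Constructed credential table standing in for the gateway's real authentication.
TOKENS = {"tok-alice": OperatorClient("alice", frozenset({"session:delete"}))}


def plugin_route_vulnerable(gw: Gateway, request: dict) -> str:
    # Flaw (CWE-266): the route ignores who is calling and executes the gateway
    # method as a synthetic operator client that carries the admin scope.
    synthetic = OperatorClient("plugin-synthetic", frozenset({"admin"}))
    return gw.call(synthetic, request["method"], request["arg"])


def plugin_route_fixed(gw: Gateway, request: dict) -> str:
    # Fix: derive the client from the request's credential. An unauthenticated
    # request gets no scopes, so the gateway's reference monitor denies it.
    client = TOKENS.get(request.get("token"), OperatorClient("anonymous", frozenset()))
    return gw.call(client, request["method"], request["arg"])
```

The audit list is the detection hook: a deny entry for subject "anonymous" on a runtime.subagent method is exactly the event a defender would alert on.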
Details
- CWE(s): CWE-266 (Incorrect Privilege Assignment)