Cyber Resilience

CVE-2026-32918

CriticalPublic PoC

Published: 29 March 2026

Published
29 March 2026
Modified
31 March 2026
KEV Added
Patch
CVSS Score v4 9.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0010 1.1th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-32918 is a critical-severity Incorrect Authorization (CWE-863) vulnerability in Openclaw Openclaw. Its CVSS base score is 9.2 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-39 (Process Isolation).

Deeper analysis

CVE-2026-32918 is a session sandbox escape vulnerability affecting OpenClaw versions before 2026.3.11, specifically in the session_status tool. This issue, tied to CWE-863 (Incorrect Authorization), allows sandboxed subagents to bypass isolation by supplying arbitrary sessionKey values, enabling access to parent or sibling session state. As a result, attackers can read or modify session data outside their sandbox scope, including persisted model overrides. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) and was published on 2026-03-29.

Local attackers with low privileges can exploit this vulnerability by running a sandboxed subagent and invoking the session_status tool with manipulated sessionKey inputs. No user interaction is required, and the low attack complexity makes it accessible to adversaries with adjacent system access. Successful exploitation changes the scope to high, providing high-level confidentiality and integrity impacts, such as exfiltrating sensitive session data or altering configurations across sessions.

Mitigation details are available in advisories from the OpenClaw GitHub Security Advisory (GHSA-wcxr-59v9-rxr8) and VulnCheck (vulncheck.com/advisories/openclaw-session-sandbox-escape-via-session-status-tool), which recommend upgrading to OpenClaw 2026.3.11 or later to address the flaw. Practitioners should consult these sources for additional remediation steps and verification guidance.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope,…

more

including persisted model overrides.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Sandbox escape via incorrect authorization (arbitrary sessionKey) allows low-privileged subagents to access/modify parent/sibling session state and configurations, directly enabling privilege escalation beyond the sandbox boundary with scope change.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-42429Same product: Openclaw Openclaw
CVE-2026-33579Same product: Openclaw Openclaw
CVE-2026-32915Same product: Openclaw Openclaw
CVE-2026-33577Same product: Openclaw Openclaw
CVE-2026-41404Same product: Openclaw Openclaw
CVE-2026-41344Same product: Openclaw Openclaw
CVE-2026-42432Same product: Openclaw Openclaw
CVE-2026-41371Same product: Openclaw Openclaw
CVE-2026-41379Same product: Openclaw Openclaw
CVE-2026-32972Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.3.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations to prevent sandboxed subagents from accessing unauthorized parent or sibling session data via arbitrary sessionKey values.

prevent

Maintains robust process isolation for sandboxed subagents, directly mitigating session sandbox escape vulnerabilities in tools like session_status.

prevent

Requires timely identification, reporting, and remediation of flaws like CVE-2026-32918 through patching to OpenClaw 2026.3.11 or later.

References