Cyber Resilience

CVE-2026-32975

MediumPublic PoC

Published: 29 March 2026

Published
29 March 2026
Modified
30 March 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0034 25.2th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-32975 is a medium-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-16 (Security and Privacy Attributes) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-32975 is a weak authorization vulnerability (CWE-807) affecting OpenClaw versions before 2026.3.12, specifically in Zalouser allowlist mode. The flaw occurs because authorization checks match mutable group display names rather than stable group identifiers, enabling bypasses of intended restrictions. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and lack of prerequisites.

Unauthenticated attackers can exploit this vulnerability remotely without user interaction. By creating groups with display names identical to those in the Zalouser allowlist, they bypass channel authorization controls and route messages from unintended groups to the agent. This could allow unauthorized message injection or exfiltration, compromising confidentiality, integrity, and availability as reflected in the high CVSS impact metrics.

Mitigation details are available in the referenced advisories, including the OpenClaw security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-f5mf-3r52-r83w and VulnCheck analysis at https://www.vulncheck.com/advisories/openclaw-weak-authorization-via-mutable-group-names-in-zalouser-allowlist. OpenClaw 2026.3.12 addresses the issue by using stable identifiers for authorization.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages…

more

from unintended groups to the agent.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated authorization bypass (CWE-807) in network-accessible OpenClaw/Zalouser component directly matches T1190 Exploit Public-Facing Application, enabling message injection/exfiltration with no credentials or user interaction required.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-35670Same product: Openclaw Openclaw
CVE-2026-32924Same product: Openclaw Openclaw
CVE-2026-41394Same product: Openclaw Openclaw
CVE-2026-43573Same product: Openclaw Openclaw
CVE-2026-31989Same product: Openclaw Openclaw
CVE-2026-28472Same product: Openclaw Openclaw
CVE-2026-41395Same product: Openclaw Openclaw
CVE-2026-32004Same product: Openclaw Openclaw
CVE-2026-43580Same product: Openclaw Openclaw
CVE-2026-35637Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.3.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-3 mandates enforcement of approved authorizations using stable identifiers rather than mutable group display names, directly preventing the authorization bypass in Zalouser allowlist mode.

prevent

AC-16 requires associating and using stable security attributes like group identifiers for access control, mitigating reliance on mutable display names exploited in this CVE.

prevent

AC-4 enforces information flow policies to restrict message routing to authorized channels only, blocking bypasses from unintended groups to the agent.

References