CVE-2026-32975
Published: 29 March 2026
Summary
CVE-2026-32975 is a critical-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in Openclaw Openclaw. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-16 (Security and Privacy Attributes) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-3 mandates enforcement of approved authorizations using stable identifiers rather than mutable group display names, directly preventing the authorization bypass in Zalouser allowlist mode.
AC-16 requires associating and using stable security attributes like group identifiers for access control, mitigating reliance on mutable display names exploited in this CVE.
AC-4 enforces information flow policies to restrict message routing to authorized channels only, blocking bypasses from unintended groups to the agent.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated authorization bypass (CWE-807) in network-accessible OpenClaw/Zalouser component directly matches T1190 Exploit Public-Facing Application, enabling message injection/exfiltration with no credentials or user interaction required.
NVD Description
OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages…
more
from unintended groups to the agent.
Deeper analysisAI
CVE-2026-32975 is a weak authorization vulnerability (CWE-807) affecting OpenClaw versions before 2026.3.12, specifically in Zalouser allowlist mode. The flaw occurs because authorization checks match mutable group display names rather than stable group identifiers, enabling bypasses of intended restrictions. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and lack of prerequisites.
Unauthenticated attackers can exploit this vulnerability remotely without user interaction. By creating groups with display names identical to those in the Zalouser allowlist, they bypass channel authorization controls and route messages from unintended groups to the agent. This could allow unauthorized message injection or exfiltration, compromising confidentiality, integrity, and availability as reflected in the high CVSS impact metrics.
Mitigation details are available in the referenced advisories, including the OpenClaw security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-f5mf-3r52-r83w and VulnCheck analysis at https://www.vulncheck.com/advisories/openclaw-weak-authorization-via-mutable-group-names-in-zalouser-allowlist. OpenClaw 2026.3.12 addresses the issue by using stable identifiers for authorization.
Details
- CWE(s)