CVE-2026-33573
Published: 29 March 2026
Summary
CVE-2026-33573 is a high-severity Exposure of Resource to Wrong Sphere (CWE-668) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 17.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 mandates validation of information inputs such as attacker-controlled spawnedBy and workspaceDir RPC parameters to block override of workspace boundaries.
AC-3 enforces approved authorizations to prevent authenticated operators from bypassing gateway agent RPC workspace isolation and accessing arbitrary directories.
AC-6 applies least privilege to operator.write roles and agent processes, limiting the scope of arbitrary file and exec operations even if boundaries are bypassed.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Workspace boundary bypass via RPC authz flaw directly enables arbitrary exec (T1059) and file read/write ops (T1005) from any accessible directory, achieving privilege escalation (T1068) from limited operator access.
NVD Description
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and…
more
execute arbitrary file and exec operations from any process-accessible directory.
Deeper analysisAI
CVE-2026-33573, published on 2026-03-29, is an authorization bypass vulnerability (CWE-668) in the gateway agent RPC component of OpenClaw versions prior to 2026.3.11. It enables authenticated operators with operator.write permission to override configured workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. This flaw allows remote operators to escape workspace restrictions and perform arbitrary file and exec operations from any process-accessible directory on the system.
The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and low required privileges with no user interaction. An authenticated attacker with operator.write permissions can exploit it remotely to bypass isolation controls, achieving full read/write/execute access outside the intended workspace, potentially leading to complete system compromise depending on the host environment and process privileges.
Mitigation details are provided in the official advisories, including the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-2rqg-gjgv-84jm and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-workspace-boundary-bypass-via-agent-rpc-parameters. Upgrading to OpenClaw 2026.3.11 or later resolves the issue by enforcing proper validation of RPC parameters.
Details
- CWE(s)