LeakyCreds

CVE-2026-32915 - Vulnerability Analysis

Severity: High | CVSS: 8.8

Last Updated: March 31, 2026

OpenClaw - Broken Access Control

Published: March 29, 2026 | Updated: March 31, 2026

Overview

OpenClaw before 2026.3.11 contains a sandbox boundary bypass caused by insufficient authorization checks on subagent control requests. A control request issued by a low-privilege sandboxed leaf worker is resolved against the scope of its parent requester rather than the leaf's own session tree, so the leaf can reach the subagent control surface and have runs executed under a broader tool policy than its sandbox permits. Exploitation requires access as a low-privilege sandboxed leaf worker.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 1.1% (probability of exploitation in the next 30 days)

Impact

A low-privilege sandboxed worker can escalate privileges to control sibling runs and execute with broader tool policies than its own, compromising the integrity of the host system. The CVSS vector (local access, low privileges, no user interaction, changed scope) reflects that the attacker starts inside a sandbox and crosses into the wider system.
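The authorization flaw described above, as an added illustration rather than OpenClaw's own code: a session tree in which control requests from a sandboxed leaf are authorized against the parent requester's scope (vulnerable) versus the caller's own session (hardened). The session and tool names, the `ControlRequest` shape and the `authorizeVulnerable`/`authorizeFixed` functions are all hypothetical assumptions made for this example.

```typescript
// Added example, not OpenClaw's code: a minimal model of the CWE-863
// (incorrect authorization) pattern this advisory describes. Every type,
// function, session name and tool name here is hypothetical.

type ToolPolicy = ReadonlySet<string>;

interface Session {
  id: string;
  parent: string | null;   // session that spawned this one (null for the root)
  tools: ToolPolicy;       // tools this session's policy allows
  sandboxed: boolean;
}

// Constructed session tree: an unsandboxed root with the full tool policy
// spawns two sandboxed leaf workers that may only read files.
const SESSIONS: Record<string, Session> = {
  root:  { id: "root",  parent: null,   tools: new Set(["shell", "browser", "fs_read", "fs_write"]), sandboxed: false },
  leafA: { id: "leafA", parent: "root", tools: new Set(["fs_read"]), sandboxed: true },
  leafB: { id: "leafB", parent: "root", tools: new Set(["fs_read"]), sandboxed: true },
};

interface ControlRequest {
  caller: string;    // session issuing the subagent control request
  target: string;    // session (run) the request wants to steer
  tools: string[];   // tool policy requested for the target run
}

interface Decision {
  allowed: boolean;
  scope: string | null;  // session whose tree and policy the request was resolved against
  reason: string;
}

// True if `target` is `ancestor` itself or lies anywhere below it in the tree.
function inSubtree(target: string, ancestor: string): boolean {
  let cur: string | null = target;
  while (cur !== null) {
    if (cur === ancestor) return true;
    cur = SESSIONS[cur]?.parent ?? null;
  }
  return false;
}

function withinPolicy(requested: string[], policy: ToolPolicy): boolean {
  return requested.every((tool) => policy.has(tool));
}

// Shared check: the target must sit inside the scope's session tree and the
// requested tools must not exceed the scope's own policy.
function checkAgainstScope(req: ControlRequest, scope: Session): Decision {
  if (!inSubtree(req.target, scope.id)) {
    return { allowed: false, scope: scope.id, reason: "target outside scope's session tree" };
  }
  if (!withinPolicy(req.tools, scope.tools)) {
    return { allowed: false, scope: scope.id, reason: "requested tools exceed scope's policy" };
  }
  return { allowed: true, scope: scope.id, reason: "ok" };
}

// Vulnerable pattern: the scope is resolved from the caller's parent
// requester, so a sandboxed leaf inherits its parent's wider tree and policy.
function authorizeVulnerable(req: ControlRequest): Decision {
  const caller = SESSIONS[req.caller];
  if (!caller) return { allowed: false, scope: null, reason: "unknown caller" };
  const scope = caller.parent !== null ? SESSIONS[caller.parent] : caller;  // BUG: wrong principal
  return checkAgainstScope(req, scope);
}

// Hardened pattern: the scope is the caller's own session, so a leaf can only
// steer its own subtree and only with tools it already holds.
function authorizeFixed(req: ControlRequest): Decision {
  const caller = SESSIONS[req.caller];
  if (!caller) return { allowed: false, scope: null, reason: "unknown caller" };
  return checkAgainstScope(req, caller);
}

// Constructed attack: sandboxed leafA tries to steer its sibling leafB and
// hand it the root's shell and write tools.
const SIBLING_ESCALATION: ControlRequest = { caller: "leafA", target: "leafB", tools: ["shell", "fs_write"] };

// Constructed legitimate request: the root steering one of its own leaves.
const ROOT_STEERS_LEAF: ControlRequest = { caller: "root", target: "leafB", tools: ["fs_read"] };

function demo(): void {
  const cases: Array<[string, ControlRequest]> = [
    ["sibling escalation", SIBLING_ESCALATION],
    ["root steers leaf", ROOT_STEERS_LEAF],
  ];
  for (const [name, req] of cases) {
    console.log(name, "| vulnerable:", authorizeVulnerable(req), "| fixed:", authorizeFixed(req));
  }
}
demo();
```

Run it with `ts-node` or compile with `tsc`. The property worth carrying into a real code base is the one the hardened function enforces: the principal an authorization decision is made for must be the session that issued the request, and both the reachable session tree and the grantable tool set are bounded by that session's own policy, never by the policy of whoever spawned it.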

Mitigation

Update OpenClaw to version 2026.3.11 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 29, 2026

🟠 CVE-2026-32915 - High (8.8) OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32915/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-32915
Severity: High
CVSS Score: 8.8
Type: Broken Access Control
Status: Confirmed
EPSS: 1.1%
Social Posts: 1

CWE

  • CWE-863 (Incorrect Authorization)

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

1.1% (probability of exploitation in the next 30 days)