CVE-2026-32978
HIGH 8.0
Description
OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.
CVE details
CVSS v3.1 score: 8.0
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: HIGH
Privileges required: LOW
User interaction: REQUIRED
Published: 3/29/2026
Last modified: 3/30/2026
Source: nvd
Honeypot sightings: 0
Affected products
openclaw:openclaw
Weaknesses (CWE)
CWE-863
References
https://github.com/openclaw/openclaw/security/advisories/GHSA-qc36-x95h-7j53 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-unrecognized-script-runners (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.