TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2026-32979

HIGH
7.3

Beschreibung

OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.

CVE Details

CVSS v3.1 Bewertung7.3
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht3/29/2026
Zuletzt geandert3/30/2026
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

openclaw:openclaw

Schwachen (CWE)

CWE-367

Referenzen

https://github.com/openclaw/openclaw/security/advisories/GHSA-xf99-j42q-5w5p(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-unbound-interpreter-and-runtime-commands-bypass-in-node-host-approval(disclosure@vulncheck.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.