TROYANOSYVIRUS
Voltar para CVEs

CVE-2026-32979

HIGH
7.3

Descricao

OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.

Detalhes CVE

Pontuacao CVSS v3.17.3
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado3/29/2026
Ultima modificacao3/30/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

openclaw:openclaw

Fraquezas (CWE)

CWE-367

Referencias

https://github.com/openclaw/openclaw/security/advisories/GHSA-xf99-j42q-5w5p(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-unbound-interpreter-and-runtime-commands-bypass-in-node-host-approval(disclosure@vulncheck.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.