CVE-2026-32915— OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-32915
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.11之前版本存在安全漏洞,该漏洞源于存在沙箱边界绕过漏洞,允许叶子子代理访问子代理控制表面并根据父请求者范围而非其自身会话树进行解析,可能导致低权限沙箱叶子工作线程利用子代理控制请求上授权检查不足来操纵或终止同级运行,并以更广泛的工具策略执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-32915
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-32915
Please Login to view more intelligence information
Same Patch Batch · OpenClaw · 2026-03-29 · 19 CVEs total
| CVE-2026-32922 | 9.9 CRITICAL | OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate |
| CVE-2026-32924 | 9.8 CRITICAL | OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu |
| CVE-2026-32987 | 9.8 CRITICAL | OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing |
| CVE-2026-32973 | 9.8 CRITICAL | OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization |
| CVE-2026-32975 | 9.8 CRITICAL | OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist |
| CVE-2026-32914 | 8.8 HIGH | OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints |
| CVE-2026-33573 | 8.8 HIGH | OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters |
| CVE-2026-32974 | 8.6 HIGH | OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token |
| CVE-2026-33572 | 8.4 HIGH | OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files |
| CVE-2026-32918 | 8.4 HIGH | OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool |
| CVE-2026-32978 | 8.0 HIGH | OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners |
| CVE-2026-32980 | 7.5 HIGH | OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request |
| CVE-2026-33575 | 7.5 HIGH | OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes |
| CVE-2026-32979 | 7.3 HIGH | OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approv |
| CVE-2026-32972 | 7.1 HIGH | OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.requ |
| CVE-2026-33574 | 6.2 MEDIUM | OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download |
| CVE-2026-32919 | 6.1 MEDIUM | OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands |
| CVE-2026-32923 | 5.4 MEDIUM | OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcemen |
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same vendor: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same weakness: CWE-863
- CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2025-66170
Apache CloudStack: Any user can list backups that they shoul - CVE-2026-41903
FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifyi - CVE-2026-41689
Wallos: Shared local webhook allowlist lets low-privilege us - CVE-2026-41660
Admidio: Inverted 2FA Reset Authorization Check Lets Group L
V. Comments for CVE-2026-32915
No comments yet