CVE-2026-32023

OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode, where nested transparent dispatch wrappers can suppress shell-wrapper detection. Attackers can exploit this by chaining multiple dispatch wrappers, such as /usr/bin/env, to execute /bin/sh -c commands without triggering the expected approval prompt in configurations that combine allowlist mode with ask=on-miss.
Configurations

Configuration 1

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

25 Mar 2026, 15:16

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : 5.9 | v2 : unknown; v3 : 7.1

24 Mar 2026, 19:09

Type | Values Removed | Values Added
References | https://github.com/openclaw/openclaw/commit/57c9a18180c8b14885bbd95474cbb17ff2d03f0b (no tag) | https://github.com/openclaw/openclaw/commit/57c9a18180c8b14885bbd95474cbb17ff2d03f0b - Patch
References | https://github.com/openclaw/openclaw/security/advisories/GHSA-ccg8-46r6-9qgj (no tag) | https://github.com/openclaw/openclaw/security/advisories/GHSA-ccg8-46r6-9qgj - Vendor Advisory
References | https://www.vulncheck.com/advisories/openclaw-approval-gating-bypass-via-dispatch-wrapper-depth-cap-mismatch-in-system-run (no tag) | https://www.vulncheck.com/advisories/openclaw-approval-gating-bypass-via-dispatch-wrapper-depth-cap-mismatch-in-system-run - Third Party Advisory
First Time | | Openclaw openclaw; Openclaw
CPE | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Summary | | (es, translated from Spanish) OpenClaw versions prior to 2026.2.24 contain an approval control bypass vulnerability in system.run allowlist mode, where nested transparent dispatch wrappers can suppress shell-wrapper detection. Attackers can exploit this by chaining multiple dispatch wrappers such as /usr/bin/env to execute /bin/sh -c commands without triggering the expected approval prompt in allowlist plus ask=on-miss configurations.

19 Mar 2026, 22:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-03-19 22:16

Updated : 2026-03-25 15:16


NVD link : CVE-2026-32023

Mitre link : CVE-2026-32023

CVE.ORG link : CVE-2026-32023

Products Affected

openclaw

  • openclaw
CWE

CWE-863 : Incorrect Authorization