Description
OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.
Published: 2026-03-31
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized privileged access via plugin routes
Action: Patch Now
AI Analysis

Impact

The vulnerability resides in OpenClaw versions earlier than 2026.3.11. Plugin subagent routes are executed using a synthetic operator client that has broad administrative scopes. This allows attackers to send remote requests to plugin‑owned routes without authentication, and the gateway will invoke runtime.subagent methods. The attacker can perform privileged gateway actions such as deleting sessions and causing an agent to execute. The weakness is an authorization bypass, classified as CWE‑266, and the impact includes unauthorized modification of configuration and execution of arbitrary commands.

Affected Systems

Affected products are OpenClaw OpenClaw platform versions 2026.3.7 through 2026.3.10. The vulnerability manifests in Node.js deployments of OpenClaw. Users running any of these pre‑2026.3.11 releases are susceptible.

Risk and Exploitability

The CVSS score is 9.2, indicating high severity. Although EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, the flaw permits remote unauthenticated access to privileged operations, making exploitation highly attractive to attackers. The expected attack path involves sending crafted HTTP requests to plugin subagent endpoints, leveraging the synthetic admin scopes to execute gateway methods.

Generated by OpenCVE AI on March 31, 2026 at 12:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to version 2026.3.11 or later.
  • Confirm that the environment no longer runs any of the vulnerable OpenClaw releases.
  • If upgrading immediately is not possible, restrict network access to the plugin subagent routes or block external requests to those endpoints.
  • Verify that no synthetic operator clients are exposed to the public internet.

Generated by OpenCVE AI on March 31, 2026 at 12:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L'}

 cvssV3_1

{'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L'}

Tue, 31 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 11:45:00 +0000

Type Values Removed Values Added
Description OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.
Title OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-266
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L'}

cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-31T17:55:43.970Z

Reserved: 2026-03-16T21:19:31.965Z

Link: CVE-2026-32916

cve-icon Vulnrichment

Updated: 2026-03-31T15:34:09.759Z

cve-icon NVD

Status : Received

Published: 2026-03-31T12:16:28.197

Modified: 2026-03-31T18:16:51.150

Link: CVE-2026-32916

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:39:11Z

Weaknesses