Description
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory.
Published: 2026-03-29
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Bypass workspace boundary, enabling arbitrary file access and execution
Action: Immediate Patch
AI Analysis

Impact

OpenClaw before 2026.3.11 contains an authorization bypass in the gateway agent RPC that allows an authenticated operator with operator.write permission to supply attacker-controlled spawnedBy and workspaceDir values. This override removes the intended workspace boundary; the operator can read, write, or execute files from any directory that the process can access, effectively breaking confidentiality, integrity, and availability of the host.

Affected Systems

The vulnerability affects OpenClaw deployments in any Node.js environment that use the OpenClaw gateway agent prior to version 2026.3.11. All earlier 2026.3.x releases are affected and require an update.

Risk and Exploitability

With a CVSS score of 8.7, the flaw is considered high severity. EPSS data is not available, but the issue is remotely exploitable by anyone who can authenticate as an operator with write rights, a privilege typically given to trusted administrators. The attack does not require local code execution and relies solely on crafted RPC parameters. Although the vulnerability is not currently listed in CISA’s KEV catalog, its impact is significant for environments that rely on strict workspace confinement.

Generated by OpenCVE AI on March 29, 2026 at 15:05 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch that updates OpenClaw to version 2026.3.11 or later.
  • If patching is not yet possible, remove or reduce operator.write permissions for all remote users until a fix is available.
  • Validate RPC parameters by implementing stricter input checks that enforce workspace boundaries and reject out-of-bounds workspaceDir values.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 12:15:00 +0000

Type     Values Removed   Values Added
Metrics  (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 29 Mar 2026 13:15:00 +0000

Type                 Values Removed   Values Added
Description          (none)           OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory.
Title                (none)           OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters
First Time appeared  (none)           Openclaw; Openclaw openclaw
Weaknesses           (none)           CWE-668
CPEs                 (none)           cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products   (none)           Openclaw; Openclaw openclaw
References           (none)           (none)
Metrics              (none)           cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
                                      cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T11:37:10.947Z

Reserved: 2026-03-23T11:00:48.408Z

Link: CVE-2026-33573

Vulnrichment

Updated: 2026-03-30T11:27:47.930Z

NVD

Status : Analyzed

Published: 2026-03-29T13:17:02.980

Modified: 2026-03-30T15:51:37.330

Link: CVE-2026-33573

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T06:58:12Z

Weaknesses