AI Threat Alert
CVE-2026-32921
MEDIUMOpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content...
Full CISO analysis pending enrichment.
What systems are affected?
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| OpenClaw | pip | — | No patch |
Do you use OpenClaw? You're affected.
How severe is it?
What is the attack surface?
What should I do?
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Which compliance frameworks are affected?
Compliance analysis pending. Sign in for full compliance mapping when available.
Frequently Asked Questions
What is CVE-2026-32921?
OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content while maintaining the same approved command shape.
Is CVE-2026-32921 actively exploited?
No confirmed active exploitation of CVE-2026-32921 has been reported, but organizations should still patch proactively.
How to fix CVE-2026-32921?
No patch is currently available. Monitor vendor advisories for updates.
What is the CVSS score for CVE-2026-32921?
CVE-2026-32921 has a CVSS v3.1 base score of 6.3 (MEDIUM).
What are the technical details?
Original Advisory
OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content while maintaining the same approved command shape.
Weaknesses (CWE)
CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition: The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
- [Implementation] The most basic advice for TOCTOU vulnerabilities is to not perform a check before the use. This does not resolve the underlying issue of the execution of a function on a resource whose state and identity cannot be assured, but it does help to limit the false sense of security given by the check.
- [Implementation] When the file being altered is owned by the current user and group, set the effective gid and uid to that of the current user and group when executing this statement.
Source: MITRE CWE corpus.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L References
- github.com/openclaw/openclaw/commit/c76d29208bf6a7f058d2cf582519d28069e42240 patch
- github.com/openclaw/openclaw/commit/cf3a479bd1204f62eef7dd82b4aa328749ae6c91 patch
- github.com/openclaw/openclaw/security/advisories/GHSA-8g75-q649-6pv6 vendor-advisory
- vulncheck.com/advisories/openclaw-script-content-modification-via-mutable-operand-binding-in-system-run third-party-advisory
Timeline
Related Vulnerabilities
CVE-2026-33579 9.9 Analysis pending
Same package: openclaw CVE-2026-32922 9.9 Analysis pending
Same package: openclaw CVE-2026-30741 9.8 OpenClaw: RCE via request-side prompt injection
Same package: openclaw CVE-2026-53838 9.8 OpenClaw: approval scope bypass via reconnection state
Same package: openclaw CVE-2026-32038 9.8 Analysis pending
Same package: openclaw