Platform: nodejs
Component: openclaw
Fixed in: 2026.3.11
CVE-2026-32915 describes a sandbox boundary bypass vulnerability discovered in OpenClaw. This flaw allows low-privilege leaf subagents to circumvent authorization checks and gain control over other runs within the system. The vulnerability affects versions 0 through 2026.3.11, and a patch is available in version 2026.3.11.
The impact of this vulnerability is significant. An attacker who controls a low-privilege leaf worker can use it to manipulate the execution environment of other subagents, including steering or terminating sibling runs, which bypasses the intended isolation and can escalate privileges. Because sibling runs may execute under broader tool policies, the attacker could drive code with permissions the leaf worker itself was never granted, leading to unauthorized actions and data compromise. This bypass undermines the core security model of OpenClaw's sandboxing, which is designed to isolate subagents from one another and protect sensitive operations.
CVE-2026-32915 was publicly disclosed on 2026-03-29. The vulnerability's impact stems from a flaw in the authorization checks within OpenClaw's sandboxing mechanism. There is currently no public proof-of-concept available, but the potential for privilege escalation within a sandboxed environment warrants careful attention. The EPSS score is pending evaluation.
Exploit Status
EPSS: 0.01% (2nd percentile)
The primary mitigation for CVE-2026-32915 is to immediately upgrade OpenClaw to version 2026.3.11 or later. If upgrading is not immediately feasible, consider implementing stricter access control policies within your OpenClaw configuration to limit the potential impact of a successful exploit. Review and audit all subagent configurations to ensure least privilege principles are enforced. While a direct WAF rule is unlikely to be effective, monitoring for unusual subagent interactions and control requests can provide early warning signs of potential exploitation.
Update OpenClaw to version 2026.3.11 or later. This version fixes the sandbox boundary bypass vulnerability by implementing proper authorization checks on subagent control requests.
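As an added illustration of the kind of check the fix describes, the following Node.js snippet is not OpenClaw's code: the run registry, the `leaf`/`orchestrator` roles and the `steer`/`cancel` actions are all assumptions. It shows a control-request handler that lets a run act only on itself or on runs it spawned, refuses any cross-run control from a leaf subagent, and records every denial so that unusual control requests can be monitored as suggested above.

```javascript
// Hypothetical subagent run registry and control-request authorization.
// Not OpenClaw's implementation; all names and roles are assumptions.
const runs = new Map(); // runId -> { parent, role, status }
const deniedEvents = []; // audit trail of refused control requests

const ACTIONS = new Set(['steer', 'cancel']);

// Register a run; a leaf run may not itself act as a parent of other runs.
function registerRun(runId, { parent = null, role = 'leaf' } = {}) {
  if (runs.has(runId)) throw new Error(`duplicate run ${runId}`);
  if (parent !== null) {
    const p = runs.get(parent);
    if (!p) throw new Error(`unknown parent ${parent}`);
    if (p.role === 'leaf') throw new Error(`leaf run ${parent} cannot spawn children`);
  }
  runs.set(runId, { parent, role, status: 'running' });
  return runId;
}

// True when `candidate` is somewhere above `runId` in the spawn tree.
function isAncestor(candidate, runId) {
  let cur = runs.get(runId);
  while (cur && cur.parent !== null) {
    if (cur.parent === candidate) return true;
    cur = runs.get(cur.parent);
  }
  return false;
}

function deny(requester, target, action, reason) {
  // Detection hook: every refused request is kept for monitoring.
  deniedEvents.push({ requester, target, action, reason, at: new Date().toISOString() });
  return { allowed: false, reason };
}

// Authorization policy: self-control is always fine; otherwise the requester
// must be a non-leaf run and the target must lie inside its own subtree.
function authorizeControl(requester, target, action) {
  if (!ACTIONS.has(action)) return deny(requester, target, action, 'unknown action');
  const req = runs.get(requester);
  const tgt = runs.get(target);
  if (!req || !tgt) return deny(requester, target, action, 'unknown run');
  if (requester === target) return { allowed: true };
  if (req.role === 'leaf') return deny(requester, target, action, 'leaf run may not control other runs');
  if (!isAncestor(requester, target)) return deny(requester, target, action, 'target outside requester subtree');
  return { allowed: true };
}

// Apply the action only after the policy has allowed it.
function handleControlRequest(requester, target, action) {
  const decision = authorizeControl(requester, target, action);
  if (!decision.allowed) return decision;
  const tgt = runs.get(target);
  tgt.status = action === 'cancel' ? 'cancelled' : 'steered';
  return { allowed: true, status: tgt.status };
}

// Constructed demo: one orchestrator with two leaf children.
function demo() {
  registerRun('demo-root', { role: 'orchestrator' });
  registerRun('demo-a', { parent: 'demo-root' });
  registerRun('demo-b', { parent: 'demo-root' });
  return {
    siblingCancel: handleControlRequest('demo-a', 'demo-b', 'cancel'), // denied
    parentCancel: handleControlRequest('demo-root', 'demo-b', 'cancel'), // allowed
    selfSteer: handleControlRequest('demo-a', 'demo-a', 'steer'), // allowed
    denials: deniedEvents.length,
  };
}

module.exports = { registerRun, authorizeControl, handleControlRequest, deniedEvents, demo };
```

The point of the design is that the policy decision happens before any state is mutated, and that the decision is derived from the spawn tree rather than from anything the requester supplies, so a leaf run has no way to assert authority over a sibling.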
CVE-2026-32915 is a HIGH severity vulnerability in OpenClaw allowing leaf subagents to bypass sandbox boundaries and potentially control other runs.
If you are using OpenClaw versions 0 through 2026.3.11, you are affected by this vulnerability. Upgrade immediately.
Upgrade OpenClaw to version 2026.3.11 or later to resolve this vulnerability. Review and tighten access control policies.
There are currently no confirmed reports of active exploitation, but the potential impact warrants immediate mitigation.
Refer to the official OpenClaw project website and security advisories for the latest information and updates regarding CVE-2026-32915.