Platform: nodejs
Component: openclaw
Fixed in: 2026.3.12
CVE-2026-32975 describes a critical authorization bypass vulnerability discovered in OpenClaw. This flaw allows attackers to circumvent channel authorization controls by manipulating group display names, potentially routing messages to unintended recipients. The vulnerability affects OpenClaw versions prior to 2026.3.12, and a patch is available in version 2026.3.12.
The impact of this vulnerability is significant. An attacker can leverage it to bypass channel authorization within OpenClaw, effectively gaining unauthorized access to sensitive information or control over communication flows. By crafting groups with display names identical to legitimate, allowlisted groups, an attacker can route messages intended for authorized channels to their own agent, potentially exfiltrating data or injecting malicious commands. This could lead to a complete compromise of the OpenClaw instance and the systems it interacts with, depending on the nature of the data being handled and the permissions of the affected agent.
CVE-2026-32975 was publicly disclosed on 2026-03-29. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept code is not currently available, but the vulnerability's nature suggests it could be relatively easy to exploit once a suitable PoC is developed.
Exploit Status
EPSS: 0.08% (23rd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-32975 is to immediately upgrade OpenClaw to version 2026.3.12 or later. If upgrading is not immediately feasible, consider implementing stricter group name validation policies to prevent the creation of groups whose names could be used to spoof legitimate groups. While not a complete solution, this reduces the attack surface. Review OpenClaw's configuration to ensure the Zalouser allowlist mode is appropriately configured, and monitor it for suspicious activity. There are no specific WAF or proxy rules that can directly address this vulnerability, because it resides within the application logic.
Update OpenClaw to version 2026.3.12 or later. This version fixes the weak authorization vulnerability by using stable group identifiers instead of mutable display names in the Zalouser allowlist.
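The following is an added illustration of the weakness and the fix described above; it is not OpenClaw's code and does not reflect its actual data model. It assumes a group object with a platform-assigned `id` and a member-editable `displayName` (both names are assumptions), and all sample groups are constructed. It shows an allowlist keyed on display names beside one keyed on stable identifiers, a routing guard that logs name collisions so a defender can spot spoofing attempts, and a helper for migrating an existing name-based allowlist to identifiers that flags ambiguous names instead of guessing.

```javascript
// Added example, not OpenClaw's code. Field names `id` and `displayName`
// and all sample groups are constructed for illustration.

// Constructed sample: an allowlisted group and a look-alike with the same
// display name but a different platform-assigned identifier.
const legitimateGroup = { id: "grp-1001", displayName: "ops-oncall" };
const lookAlikeGroup = { id: "grp-9999", displayName: "ops-oncall" };
const billingGroup = { id: "grp-2002", displayName: "billing" };

// Weak pattern: the allowlist stores display names, so any group whose
// name is set to an allowlisted value is treated as authorized.
const allowedNames = new Set(["ops-oncall"]);
function isAllowedByName(group) {
  return allowedNames.has(group.displayName);
}

// Hardened pattern: the allowlist stores stable identifiers that the
// platform assigns and that members cannot change by renaming a group.
const allowedIds = new Set(["grp-1001"]);
function isAllowedById(group) {
  return allowedIds.has(group.id);
}

// Routing guard: deliver only when the stable-id check passes. A group that
// fails the id check but carries an allowlisted display name is recorded so
// the collision is visible in logs.
function routeMessage(group, message, log = []) {
  if (!isAllowedById(group)) {
    if (allowedNames.has(group.displayName)) {
      log.push(
        `rejected ${group.id}: display name "${group.displayName}" collides with an allowlisted group`
      );
    }
    return { delivered: false, log };
  }
  return { delivered: true, to: group.id, message, log };
}

// Migration helper: resolve a legacy name-based allowlist to identifiers
// using a directory of known groups. Names matching zero or several groups
// are reported as ambiguous rather than resolved, so an operator reviews
// them instead of silently allowlisting a look-alike.
function resolveAllowlistToIds(names, directory) {
  const ids = [];
  const ambiguous = [];
  for (const name of names) {
    const matches = directory.filter((g) => g.displayName === name);
    if (matches.length === 1) {
      ids.push(matches[0].id);
    } else {
      ambiguous.push({ name, candidates: matches.map((g) => g.id) });
    }
  }
  return { ids, ambiguous };
}

// Usage: the look-alike passes the name check but not the id check.
console.log(isAllowedByName(lookAlikeGroup), isAllowedById(lookAlikeGroup));
console.log(routeMessage(lookAlikeGroup, "status?"));
console.log(
  resolveAllowlistToIds(["ops-oncall", "billing"], [legitimateGroup, lookAlikeGroup, billingGroup])
);
```

The migration helper is the step that matters when applying the fix to an existing deployment: a name that maps to more than one group is exactly the condition the vulnerability exploits, so the helper refuses to pick one and returns the candidate identifiers for review.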
CVE-2026-32975 is a critical vulnerability in OpenClaw versions 0-2026.3.12 that allows attackers to bypass channel authorization by manipulating group display names.
If you are using OpenClaw versions 0 through 2026.3.12, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade OpenClaw to version 2026.3.12 or later to resolve this authorization bypass vulnerability.
There is currently no public information indicating active exploitation of CVE-2026-32975, but the vulnerability's nature makes it a potential target.
Please refer to the official OpenClaw documentation and security advisories for the most up-to-date information regarding CVE-2026-32975.