216.73.217.98

CVE-2026-32979

· Published 29/03/2026 13:17 · Modified 30/03/2026 15:56

Labels: CVE-2026-32979 2026-03-29CVE-2026-32979CWE-367[email protected]

Essential information

Published
29/03/2026 13:17
Modified
30/03/2026 15:56
Author
Creator
CVSS
7.0 HIGH (v3) 7.0 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
openclaw / openclaw cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

References