CVE-2026-32978

Sažetak

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.

Reference

https://github.com/openclaw/openclaw/security/advisories/GHSA-qc36-x95h-7j53
https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-unrecognized-script-runners

CVSS

Base:	8.0
Impact:	6.0
Exploitability:	1.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Zadnje važnije ažuriranje

30-03-2026 - 17:15

Objavljeno

29-03-2026 - 13:17