High severityNVD Advisory· Published Mar 29, 2026· Updated Mar 30, 2026
OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval
CVE-2026-32979
Description
OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openclawnpm | < 2026.3.11 | 2026.3.11 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-xf99-j42q-5w5pghsaADVISORY
- github.com/openclaw/openclaw/security/advisories/GHSA-xf99-j42q-5w5pghsathird-party-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-32979ghsaADVISORY
- www.vulncheck.com/advisories/openclaw-unbound-interpreter-and-runtime-commands-bypass-in-node-host-approvalghsathird-party-advisoryWEB
- github.com/openclaw/openclaw/releases/tag/v2026.3.11ghsaWEB
News mentions
0No linked articles in our index yet.