Security Advisory

CVE-2026-32976

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-31 11:17:17

Last updated 2026-03-31 15:38:38

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels.<provider>.accounts.<id> to modify configuration on target accounts with configWrites: false.

← Browse all CVEs View on cve.org ↗