Zero-Day Security Alert — March 30, 2026: OpenClaw Multiple Critical Vulnerabilities
- Jacob Hughes
- Mar 30
Daily Security Briefing
March 30, 2026
CVE-2026-32922 | CVSS 9.9 | Critical Severity | No Known Active Exploitation
Affected Product
OpenClaw (Node.js) — versions before 2026.3.11
Description
OpenClaw contains a privilege escalation vulnerability in the device.token.rotate endpoint. Callers with operator.pairing scope can mint tokens with broader scopes because newly minted scopes are not constrained to the caller's existing scope set. This allows an attacker to obtain operator.admin tokens for paired devices and achieve remote code execution on connected nodes via system.run, or gain unauthorized gateway-admin access.
Attack Vector
Network-accessible. Requires low privileges (operator.pairing scope). No user interaction needed. Low attack complexity. Scope change impacts connected nodes.
Remediation
Upgrade to OpenClaw 2026.3.11 or later. Audit and rotate any operator.pairing tokens that may have been used to mint elevated credentials.
CISA Remediation Due Date: N/A
______________________________________________________________________
CVE-2026-32987 | CVSS 9.8 | Critical Severity | No Known Active Exploitation
Affected Product
OpenClaw (Node.js) — versions before 2026.3.13
Description
OpenClaw allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times before approval, escalating pending pairing scopes — including privilege escalation to operator.admin.
Attack Vector
Network-accessible with no privileges required. No user interaction needed. Low attack complexity. Exploitable during device pairing verification windows.
Remediation
Upgrade to OpenClaw 2026.3.13 or later. Invalidate any outstanding bootstrap codes and review pending pairing approvals.
CISA Remediation Due Date: N/A
______________________________________________________________________
CVE-2026-32973 | CVSS 9.8 | Critical Severity | No Known Active Exploitation
Affected Product
OpenClaw (Node.js) — versions before 2026.3.11
Description
OpenClaw contains an exec allowlist bypass vulnerability. The matchesExecAllowlistPattern function improperly normalizes patterns using lowercasing and glob matching that overmatches on POSIX paths, allowing the ? wildcard to match across path separators. Attackers can exploit this to execute commands or access paths not intended by operators.
Attack Vector
Network-accessible with no privileges required. No user interaction needed. Low attack complexity. Exploitable wherever operator-configured exec allowlists are enforced.
Remediation
Upgrade to OpenClaw 2026.3.11 or later. Review exec allowlist patterns for any configurations relying on wildcard characters, and validate that allowlists are not over-permissive.
CISA Remediation Due Date: N/A
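The allowlist issue described above comes down to how a glob is compiled: if `?` or `*` may match a `/`, or if both sides are lowercased on a case-sensitive filesystem, the pattern covers paths the operator never listed. The TypeScript below is an added example for this briefing, not OpenClaw's matchesExecAllowlistPattern; it assumes paths have already been resolved and normalised to forward slashes, and the function names are hypothetical. The loose variant at the end reconstructs the over-matching class of behaviour for comparison only, so that an allowlist review can test for it.

```typescript
// Added example, not OpenClaw's code: an allowlist glob compiler where `?` and
// `*` stay inside one path segment and case is only folded on Windows, plus a
// loose matcher that shows the over-matching behaviour for contrast.
// Function names are hypothetical; paths are assumed normalised to "/".

const REGEX_SPECIALS = /[.+^${}()|[\]\\]/g;

type Platform = "posix" | "win32";

// Compile a glob into an anchored RegExp: `*` -> zero or more non-separator
// characters, `?` -> exactly one non-separator character, all else literal.
export function compileAllowlistPattern(pattern: string, platform: Platform = "posix"): RegExp {
  let source = "";
  for (const ch of pattern) {
    if (ch === "*") source += "[^/]*";
    else if (ch === "?") source += "[^/]";
    else source += ch.replace(REGEX_SPECIALS, "\\$&");
  }
  // POSIX paths are case-sensitive: /opt/tool and /opt/TOOL are different files,
  // so only a Windows allowlist is compared case-insensitively.
  return new RegExp(`^${source}$`, platform === "win32" ? "i" : "");
}

// Decide whether an already-resolved executable path is permitted. Relative
// segments are rejected before matching so no pattern can be read as covering
// a traversal.
export function isExecAllowed(resolvedPath: string, allowlist: string[], platform: Platform = "posix"): boolean {
  const segments = resolvedPath.split("/");
  if (segments.some((seg) => seg === "." || seg === "..")) return false;
  return allowlist.some((pattern) => compileAllowlistPattern(pattern, platform).test(resolvedPath));
}

// Loose variant, reconstructed here for contrast and not copied from the
// project: lowercases both sides and lets `?` and `*` match any character,
// including the path separator.
export function looseGlobMatches(resolvedPath: string, pattern: string): boolean {
  let source = "";
  for (const ch of pattern.toLowerCase()) {
    if (ch === "*") source += ".*";
    else if (ch === "?") source += ".";
    else source += ch.replace(REGEX_SPECIALS, "\\$&");
  }
  return new RegExp(`^${source}$`).test(resolvedPath.toLowerCase());
}
```

When reviewing an existing allowlist after upgrading, run each pattern through both matchers against the paths it is meant to cover and a few it is not: any path the loose matcher accepts and the strict one rejects is a path the old configuration was silently permitting.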
______________________________________________________________________
CVE-2026-32974 | CVSS 9.8 | Critical Severity | No Known Active Exploitation
Affected Product
OpenClaw (Node.js) — versions before 2026.3.12
Description
OpenClaw contains an authentication bypass in Feishu webhook mode when only verificationToken is configured without encryptKey. This configuration allows acceptance of forged Feishu events. Unauthenticated network attackers can inject forged events and trigger downstream tool execution by reaching the webhook endpoint.
Attack Vector
Network-accessible with no authentication required. No user interaction needed. Low attack complexity. Any attacker able to reach the webhook endpoint can forge and inject events.
Remediation
Upgrade to OpenClaw 2026.3.12 or later. Additionally, configure encryptKey alongside verificationToken in Feishu webhook deployments to enable full event signature verification.
CISA Remediation Due Date: N/A
______________________________________________________________________
CVE-2026-32924 | CVSS 9.8 | Critical Severity | No Known Active Exploitation
Affected Product
OpenClaw (Node.js) — versions before 2026.3.12
Description
OpenClaw contains an authorization bypass where Feishu reaction events with an omitted chat_type field are misclassified as peer-to-peer conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group chat reaction-derived events.
Attack Vector
Network-accessible with no privileges required. No user interaction needed. Low attack complexity. Exploitable by any attacker able to send Feishu reaction events to a vulnerable deployment.
Remediation
Upgrade to OpenClaw 2026.3.12 or later.
CISA Remediation Due Date: N/A
______________________________________________________________________
CVE-2026-32975 | CVSS 9.8 | Critical Severity | No Known Active Exploitation
Affected Product
OpenClaw (Node.js) — versions before 2026.3.12
Description
OpenClaw contains a weak authorization vulnerability in Zalouser allowlist mode. The implementation matches on mutable group display names instead of stable group identifiers, allowing attackers to create groups with identical names to allowlisted groups and thereby bypass channel authorization, routing messages from unintended groups to the agent.
Attack Vector
Network-accessible with no privileges required. No user interaction needed. Low attack complexity. Exploitable wherever Zalouser allowlist mode is active.
Remediation
Upgrade to OpenClaw 2026.3.12 or later.
CISA Remediation Due Date: N/A
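The last two entries (CVE-2026-32924, a missing chat_type defaulting to a direct chat, and CVE-2026-32975, group allowlists keyed on mutable display names) are both channel-authorization decisions made on the wrong input. The TypeScript below is an added example for this briefing, not OpenClaw's Feishu or Zalo channel code: one gate that treats an absent chat_type as a group, so groupAllowFrom and requireMention still apply, and that allowlists groups by the platform's stable chat id rather than by name. The event and policy shapes and all ids are constructed for the illustration.

```typescript
// Added example, not OpenClaw's code: an authorization gate for inbound chat
// events that (a) fails closed on a missing chat_type and (b) allowlists groups
// by stable id, never by display name. Shapes and ids are hypothetical.

type ChatKind = "p2p" | "group";

interface InboundChatEvent {
  chat_type?: string;  // may be absent, e.g. on reaction-derived events
  chat_id: string;     // stable id assigned by the platform
  chat_name?: string;  // mutable display name; informational only
  sender_id: string;
  mentions_bot: boolean;
}

interface ChannelPolicy {
  groupAllowFrom: string[]; // stable chat ids
  requireMention: boolean;
  dmAllowFrom: string[];    // sender ids permitted in direct chats
}

type Decision = { allowed: boolean; reason: string };

// Fail closed: only an explicit "p2p" is a direct message. Absent or unknown
// values get the stricter group rules.
export function classifyChat(ev: InboundChatEvent): ChatKind {
  return ev.chat_type === "p2p" ? "p2p" : "group";
}

export function authorizeEvent(ev: InboundChatEvent, policy: ChannelPolicy): Decision {
  if (classifyChat(ev) === "p2p") {
    return policy.dmAllowFrom.includes(ev.sender_id)
      ? { allowed: true, reason: "direct chat sender allowlisted" }
      : { allowed: false, reason: "direct chat sender not allowlisted" };
  }
  // Group path: the stable id is the only authorization input; chat_name is
  // deliberately never consulted because anyone can create a group with that name.
  if (!policy.groupAllowFrom.includes(ev.chat_id)) {
    return { allowed: false, reason: "group id not in groupAllowFrom" };
  }
  if (policy.requireMention && !ev.mentions_bot) {
    return { allowed: false, reason: "requireMention not satisfied" };
  }
  return { allowed: true, reason: "group allowlisted" };
}

// Weak variants reconstructed for contrast, not the project's code: defaulting
// to p2p when chat_type is missing, and a name-based group allowlist.
export function weakClassifyChat(ev: InboundChatEvent): ChatKind {
  return ev.chat_type === "group" ? "group" : "p2p";
}

export function weakGroupAllowed(ev: InboundChatEvent, allowedNames: string[]): boolean {
  return ev.chat_name !== undefined && allowedNames.includes(ev.chat_name);
}
```

The two weak functions exist only so a test suite can show the difference: a reaction event with no chat_type goes down the group path under classifyChat but the direct-message path under weakClassifyChat, and a newly created group sharing a name with an allowlisted one is accepted by weakGroupAllowed but rejected by authorizeEvent because its chat_id is not in groupAllowFrom.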
This report is generated automatically from NVD and CISA KEV data.