EUVD-2026-13949

🗓️ 21 Mar 2026 03:31:13Reported by EUVDType

OpenClaw before 2026.3.1 has an authorization mismatch allowing authenticated callers with operator.write scope to reach tools.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2026-32051	21 Mar 202600:42	–	attackerkb
Circl	CVE-2026-32051	21 Mar 202602:45	–	circl
CNNVD	OpenClaw 安全漏洞	21 Mar 202600:00	–	cnnvd
CNVD	OpenClaw has an unspecified vulnerability (CNVD-2026-16387)	26 Mar 202600:00	–	cnvd
CVE	CVE-2026-32051	21 Mar 202600:42	–	cve
Cvelist	CVE-2026-32051 OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access	21 Mar 202600:42	–	cvelist
NVD	CVE-2026-32051	21 Mar 202601:17	–	nvd
OSV	MINI-M6FR-X895-HFWC	24 Mar 202614:30	–	osv
Positive Technologies	PT-2026-26733	21 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-32051	26 Mar 202615:02	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "e80d79a2-7b29-3131-afaa-1eb391a14970",
        "vendor": {
          "name": "OpenClaw"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "e80d79a2-7b29-3131-afaa-1eb391a14970",
        "product": {
          "name": "OpenClaw"
        },
        "product_version": ""
      },
      {
        "id": "ede4f367-c8ca-3ec6-9158-536000e82c44",
        "product": {
          "name": "OpenClaw"
        },
        "product_version": "0 <2026.3.1"
      }
    ]
  }
]

Source	Link
github	www.github.com/openclaw/openclaw/security/advisories/GHSA-jr6x-2q95-fh2g
vulncheck	www.vulncheck.com/advisories/openclaw-authorization-bypass-in-agent-runs-via-owner-only-tool-access
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-32051

21 Mar 2026 03:31Current

5.8Medium risk

Vulners AI Score5.8

CVSS 48.7

CVSS 3.18.8

EPSS0.00092