Approval Context-Binding Weakness in OpenClaw by OpenClaw
CVE-2026-32058
2 LOW
What is CVE-2026-32058?
OpenClaw versions before 2026.2.26 contain an approval context-binding weakness in system.run execution flows when the host is set to 'node'. An attacker with access to an approval ID can reuse a previous approval while altering the environment variables. This bypasses the execution-integrity controls of approval-enabled workflows and puts the integrity of system operations at risk.
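One way to close this class of gap, shown as an added example that is not OpenClaw's code or its actual fix: bind each approval ID to a digest of the full execution context (host, argv and environment) and make it single-use. `ApprovalStore`, `context_digest` and all sample values are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def context_digest(host, argv, env):
    """SHA-256 over a canonical encoding of everything that shapes the run."""
    canonical = json.dumps(
        {"host": host, "argv": list(argv), "env": dict(env)},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


class ApprovalStore:
    """Hypothetical server-side store: approval ID -> digest of approved context."""

    def __init__(self):
        self._pending = {}

    def approve(self, host, argv, env):
        approval_id = secrets.token_urlsafe(16)
        self._pending[approval_id] = context_digest(host, argv, env)
        return approval_id

    def authorize(self, approval_id, host, argv, env):
        # pop() consumes the approval on every attempt, so an ID can neither
        # be replayed after use nor retried with a different context.
        expected = self._pending.pop(approval_id, None)
        if expected is None:
            return False
        return hmac.compare_digest(expected, context_digest(host, argv, env))


def demo():
    store = ApprovalStore()
    argv = ["build-tool", "--release"]                  # constructed sample
    approved_env = {"PATH": "/usr/bin:/bin", "LANG": "C"}
    altered_env = dict(approved_env, EXAMPLE_VAR="changed")

    first = store.approve("node", argv, approved_env)
    altered = store.authorize(first, "node", argv, altered_env)     # env differs
    second = store.approve("node", argv, approved_env)
    exact = store.authorize(second, "node", argv, approved_env)     # same context
    replay = store.authorize(second, "node", argv, approved_env)    # already used
    return altered, exact, replay


if __name__ == "__main__":
    print(demo())
```

Sorting keys before hashing means the same environment in a different order still matches, while any added, removed or changed variable does not.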

Affected Version(s)
OpenClaw 0 < 2026.2.26
OpenClaw 2026.2.26
References
CVSS V4
Score: 2
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
tdjackey
