CVE-2026-33573

EPSS 0.05%
Veröffentlicht 29.03.2026 12:44:31
Zuletzt bearbeitet 30.03.2026 15:51:37
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenClaw ≫ OpenClaw SwPlatformnode.js Version < 2026.3.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.157

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://github.com/openclaw/openclaw/security/advisories/GHSA-2rqg-gjgv-84jm

Vendor Advisory

https://www.vulncheck.com/advisories/openclaw-workspace-boundary-bypass-via-agent-rpc-parameters

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-33573

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33573

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33573

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33573