{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32302", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-11T21:16:21.658Z", "datePublished": "2026-03-12T21:22:29.099Z", "dateUpdated": "2026-03-13T13:11:06.707Z"}, "containers": {"cna": {"title": "OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode", "problemTypes": [{"descriptions": [{"cweId": "CWE-346", "lang": "en", "description": "CWE-346: Origin Validation Error", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286"}, {"name": "https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b"}, {"name": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.11", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.11"}], "affected": [{"vendor": "openclaw", "product": "openclaw", "versions": [{"version": "< 2026.3.11", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T21:22:29.099Z"}, "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11."}], "source": {"advisory": "GHSA-5wcw-8jjv-m286", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T13:10:50.434044Z", "id": "CVE-2026-32302", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T13:11:06.707Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32302", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-13T13:10:50.434044Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T13:11:03.128Z"}}], "cna": {"title": "OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode", "source": {"advisory": "GHSA-5wcw-8jjv-m286", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "openclaw", "product": "openclaw", "versions": [{"status": "affected", "version": "< 2026.3.11"}]}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286", "name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b", "name": "https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.11", "name": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.11", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346: Origin Validation Error"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T21:22:29.099Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32302", "state": "PUBLISHED", "dateUpdated": "2026-03-13T13:11:06.707Z", "dateReserved": "2026-03-11T21:16:21.658Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-12T21:22:29.099Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "4B01F0B5-B0CB-462E-A546-2BA2CACD83D5", "versionEndExcluding": "2026.3.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11."}, {"lang": "es", "value": "OpenClaw es un asistente personal de IA. Antes de 2026.3.11, las conexiones WebSocket originadas en el navegador pod\u00edan eludir la validaci\u00f3n de origen cuando gateway.auth.mode estaba configurado como trusted-proxy y la solicitud llegaba con encabezados de proxy. Una p\u00e1gina servida desde un origen no confiable pod\u00eda conectarse a trav\u00e9s de un proxy inverso confiable, heredar una identidad autenticada por proxy y establecer una sesi\u00f3n de operador privilegiada. Esta vulnerabilidad est\u00e1 corregida en 2026.3.11."}], "id": "CVE-2026-32302", "lastModified": "2026-03-24T21:36:21.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-13T19:54:41.650", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Product"], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.11"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2026.3.11)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openclaw", "source": "cna", "vendor": "openclaw"}, "product": "openclaw", "vendor": "openclaw"}], "analysis": {"en": {"generated_at": "2026-03-24T22:30:42.049159+00:00", "value": {"mitigation_remediation": ["Upgrade OpenClaw to version 2026.3.11 or later.", "If an immediate upgrade is not possible, disable gateway.auth.mode trusted\u2011proxy or enforce strict origin validation for WebSocket connections.", "Restrict access to the reverse proxy by limiting or blocking untrusted web origins.", "Monitor WebSocket connection logs for anomalous proxy header usage.", "Apply network segmentation or firewall rules to prevent unintended traversal through the reverse proxy."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized privileged operator access"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the OpenClaw personal AI assistant (openclaw:openclaw) running on Node.js. All releases prior to 2026.3.11 that use gateway.auth.mode set to trusted\u2011proxy are vulnerable. No narrower version list is supplied beyond the release that contains the fix.", "description_and_impact": "OpenClaw allows a browser\u2011originated WebSocket connection to bypass origin validation when gateway.auth.mode is set to trusted\u2011proxy and the request carries proxy headers. A page served from an untrusted origin can therefore inherit the proxy\u2011authenticated identity and start an operator.admin session. The attacker gains full control over the OpenClaw instance, compromising confidentiality, integrity and availability. This weakness is identified as CWE\u2011346.", "risk_and_exploitability": "With a CVSS score of 8.1 the issue is high severity, yet the EPSS score is below 1\u202f% and it is not listed in the CISA KEV catalog, implying a low probability of widespread exploitation. The attack requires only a malicious web page hosted on an untrusted origin that can reach the reverse proxy; the exploitation path is straightforward once the configuration is in place."}}}}, "created": "2026-03-13T09:49:43.125477+00:00", "updated": "2026-03-25T11:50:04.646008+00:00", "vendors": ["openclaw", "openclaw$PRODUCT$openclaw"]}