CVE-2026-32916

描述

## Summary In affected versions of `openclaw`, the plugin subagent runtime dispatched gateway methods through a synthetic operator client that always carried broad administrative scopes. Plugin-owned HTTP routes using `auth: "plugin"` could therefore trigger admin-only gateway actions without normal gateway authorization. ## Impact This is a critical authorization bypass. An external unauthenticated request to a plugin-owned route could reach privileged subagent runtime methods and perform admin-only gateway actions such as deleting sessions, reading session data, or triggering agent execution. ## Affected Packages and Versions - Package: `openclaw` (npm) - Affected versions: `>= 2026.3.7, < 2026.3.11` - Fixed in: `2026.3.11` ## Technical Details The new plugin subagent runtime preserved neither the original caller's auth context nor least-privilege scope. Instead, it executed gateway dispatches through a fabricated operator client with administrative scopes, which was reachable from plugin-owned routes that intentionally bypass normal gateway auth so plugins can perform their own webhook verification. ## Fix OpenClaw now preserves real authorization boundaries for plugin subagent calls instead of dispatching them through synthetic admin scopes. The fix shipped in `[email protected]`. ## Workarounds Upgrade to `2026.3.11` or later.

受影響套件(1)

• npm/openclaw>= 2026.3.7, < 2026.3.11

CVSS 分數

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-32916
• PATCHhttps://github.com/openclaw/openclaw
• WEBhttps://github.com/openclaw/openclaw/releases/tag/v2026.3.11
• WEBhttps://github.com/openclaw/openclaw/security/advisories/GHSA-xw77-45gv-p728
• WEBhttps://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-plugin-subagent-routes-via-synthetic-admin-scopes