OpenClaw Insufficient Access Control Vulnerability (CVE-2026-32914)
OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces, enabling attackers with command authorization to read or modify privileged configuration settings.
OpenClaw versions prior to 2026.3.12 are vulnerable to an insufficient access control issue, designated as CVE-2026-32914. This vulnerability resides in the /config and /debug command handlers. An attacker who possesses command authorization, but lacks owner privileges, can leverage this flaw to access sensitive owner-only surfaces. The absence of proper owner-level permission checks allows unauthorized users to potentially read or modify privileged configuration settings that should be…
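The missing owner-level check described above, modelled as an added example (not OpenClaw's code and not part of the advisory). The dispatcher, the `commandAuthorized` and `isOwner` fields, the `COMMANDS` table and the `/status` command are all assumed names; the regression check lists owner-only commands that a command-authorized non-owner can still reach.

```javascript
// Hypothetical model of a two-tier command gate; not OpenClaw source code.
// /config and /debug are the owner-only surfaces named in the advisory;
// /status is a constructed example of an ordinary command.
const COMMANDS = new Map([
  ["/status", { ownerOnly: false, run: () => "ok" }],
  ["/config", { ownerOnly: true, run: () => "privileged config" }],
  ["/debug", { ownerOnly: true, run: () => "debug surface" }],
]);

// Flawed pattern: a single check ("may this sender run commands at all?")
// guards every handler, so the ownerOnly flag is never consulted.
function dispatchFlawed(sender, name) {
  const cmd = COMMANDS.get(name);
  if (!cmd) return { allowed: false, reason: "unknown-command" };
  if (!sender.commandAuthorized) return { allowed: false, reason: "not-authorized" };
  return { allowed: true, result: cmd.run() };
}

// Hardened pattern: command authorization is necessary but not sufficient.
// Owner-only handlers also require the owner role, checked before they run.
function dispatchHardened(sender, name) {
  const cmd = COMMANDS.get(name);
  if (!cmd) return { allowed: false, reason: "unknown-command" };
  if (sender.commandAuthorized !== true) return { allowed: false, reason: "not-authorized" };
  if (cmd.ownerOnly && sender.isOwner !== true) return { allowed: false, reason: "owner-required" };
  return { allowed: true, result: cmd.run() };
}

// Regression check: every owner-only command must be denied to a sender
// who is command-authorized but not the owner. Returns the ones that leak.
function ownerOnlyLeaks(dispatch) {
  const nonOwner = { id: "constructed-user", commandAuthorized: true, isOwner: false };
  const leaks = [];
  for (const [name, cmd] of COMMANDS) {
    if (cmd.ownerOnly && dispatch(nonOwner, name).allowed) leaks.push(name);
  }
  return leaks;
}
```

Running `ownerOnlyLeaks` against each dispatcher in a test suite turns the advisory's condition into a check that fails whenever a new owner-only handler is registered without the owner gate.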
Detection coverage (2 rules)
Detect OpenClaw Unauthorized Config Access
Severity: high. Detects attempts to access the /config endpoint in OpenClaw without proper authorization, indicating potential exploitation of CVE-2026-32914.
Detect OpenClaw Unauthorized Debug Access
Severity: high. Detects attempts to access the /debug endpoint in OpenClaw without proper authorization, indicating potential exploitation of CVE-2026-32914.