{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/insufficient-access-control/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["insufficient-access-control","privilege-escalation","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw versions prior to 2026.3.12 are vulnerable to an insufficient access control issue, designated as CVE-2026-32914. This vulnerability resides in the \u003ccode\u003e/config\u003c/code\u003e and \u003ccode\u003e/debug\u003c/code\u003e command handlers. An attacker who possesses command authorization, but lacks owner privileges, can leverage this flaw to access sensitive owner-only surfaces. The absence of proper owner-level permission checks allows unauthorized users to potentially read or modify privileged configuration settings that should be…\u003c/p\u003e\n","date_modified":"2026-03-29T13:16:59Z","date_published":"2026-03-29T13:16:59Z","id":"/briefs/2026-03-openclaw-access-control/","summary":"OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces, enabling attackers with command authorization to read or modify privileged configuration settings.","title":"OpenClaw Insufficient Access Control Vulnerability (CVE-2026-32914)","url":"https://feed.craftedsignal.io/briefs/2026-03-openclaw-access-control/"}],"language":"en","title":"CraftedSignal Threat Feed — Insufficient-Access-Control","version":"https://jsonfeed.org/version/1.1"}