https://feed.craftedsignal.io/tags/insufficient-access-control/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSun, 29 Mar 2026 13:16:59 +0000https://feed.craftedsignal.io/briefs/2026-03-openclaw-access-control/Sun, 29 Mar 2026 13:16:59 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-openclaw-access-control/OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces, enabling attackers with command authorization to read or modify privileged configuration settings.OpenClaw versions prior to 2026.3.12 are vulnerable to an insufficient access control issue, designated as CVE-2026-32914. This vulnerability resides in the /config and /debug command handlers. An attacker who possesses command authorization, but lacks owner privileges, can leverage this flaw to access sensitive owner-only surfaces. The absence of proper owner-level permission checks allows unauthorized users to potentially read or modify privileged configuration settings that should be…

]]>highadvisoryinsufficient-access-controlprivilege-escalationweb-application