HIGHCVE-2026-33573Published 2026-03-29Modified 2026-03-30CNA VulnCheck

CVE-2026-33573: OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: 2026.3.11
Affected Products: 1

Fix available

2026.3.11

Affected packages

OpenClaw / OpenClaw
< 2026.3.11 (from 0)
Fixed in 2026.3.11

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

GitHub Security Advisory (GHSA-2rqg-gjgv-84jm)
VulnCheck Advisory: OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters

Metrics

Fix available