What is CVE-2026-32046?

CVE-2026-32046 is a medium-severity vulnerability in Openclaw, classified under Initialization of a Resource with an Insecure Default. CVSS score: 5.3/10. Published 2026-03-21.

How severe is CVE-2026-32046?

Medium severity. CVSS v3 base score is 5.3 out of 10.

RCE in Openclaw

CVE-2026-32046

OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leve…

EPSS: 0.000 (6.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Openclaw — versions 0, 2026.2.21

Weakness classification (CWE)

CWE-1188 — Initialization of a Resource with an Insecure Default

References

GitHub Security Advisory (GHSA-43x4-g22p-3hrq) (third-party-advisory)
Patch Commit #1 (patch)
Patch Commit #2 (patch)
VulnCheck Advisory: OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag (third-party-advisory)

Frequently asked questions

What is CVE-2026-32046?: CVE-2026-32046 is a medium-severity vulnerability in Openclaw, classified under Initialization of a Resource with an Insecure Default. CVSS score: 5.3/10. Published 2026-03-21.
How severe is CVE-2026-32046?: Medium severity. CVSS v3 base score is 5.3 out of 10.