CVE-2026-32975 Overview
CVE-2026-32975 is a weak authorization vulnerability affecting OpenClaw versions prior to 2026.3.12. The vulnerability exists in the Zalouser allowlist mode, which incorrectly matches mutable group display names instead of stable group identifiers. This design flaw enables attackers to create groups with identical names to allowlisted groups, effectively bypassing channel authorization and routing messages from unintended groups to the agent.
Critical Impact
Attackers can bypass authorization controls by creating groups with names matching allowlisted groups, enabling unauthorized message routing and potential data exfiltration through the OpenClaw agent.
Affected Products
- OpenClaw versions prior to 2026.3.12
- OpenClaw for Node.js (all affected versions)
Discovery Timeline
- 2026-03-29 - CVE-2026-32975 published to NVD
- 2026-03-30 - Last updated in NVD database
Technical Details for CVE-2026-32975
Vulnerability Analysis
The vulnerability stems from a fundamental authorization design flaw in OpenClaw's Zalouser allowlist implementation. When the allowlist mode is enabled, the system validates incoming messages by comparing group display names rather than immutable group identifiers. Since group display names are mutable and can be changed by group administrators, this creates an exploitable condition where attackers can impersonate legitimate allowlisted groups.
This weakness is classified under CWE-807 (Reliance on Untrusted Inputs in a Security Decision), as the authorization mechanism places trust in user-controlled data (the group display name) to make security-critical routing decisions.
Root Cause
The root cause of this vulnerability is the improper use of mutable attributes for authorization decisions. The Zalouser allowlist implementation relies on group display names—which can be freely modified by group owners or administrators—instead of stable, immutable group identifiers that uniquely identify each group regardless of name changes. This architectural decision violates the security principle of using canonical, trusted identifiers for access control.
Attack Vector
The attack can be executed remotely over the network without requiring any authentication or user interaction. An attacker can exploit this vulnerability through the following approach:
- Reconnaissance: The attacker identifies the target OpenClaw deployment and determines which group names are allowlisted in the Zalouser configuration
- Group Creation: The attacker creates a new group with a display name identical to an allowlisted group
- Authorization Bypass: Messages sent from the attacker-controlled group are incorrectly authorized by the Zalouser allowlist because the display name matches an allowlisted entry
- Message Routing: The attacker's messages are routed to the OpenClaw agent as if they originated from the legitimate allowlisted group
This attack enables unauthorized access to agent functionality, potential data exfiltration, and the ability to inject malicious content into trusted communication channels. For detailed technical information, refer to the GitHub Security Advisory.
Detection Methods for CVE-2026-32975
Indicators of Compromise
- Unexpected groups appearing in message logs with names matching allowlisted groups but different group identifiers
- Multiple groups routing messages to the agent with identical display names
- Anomalous message patterns from groups that were recently created with names matching existing allowlisted entries
- Agent logs showing authorization grants for group identifiers not present in the original allowlist configuration
Detection Strategies
- Implement logging that captures both group display names and group identifiers for all authorized messages
- Create alerts for scenarios where multiple distinct group identifiers share the same display name in authorization logs
- Monitor for newly created groups that match allowlisted group names
- Audit agent communication logs for unexpected source group identifiers
Monitoring Recommendations
- Enable verbose logging in OpenClaw to capture group identifier metadata alongside display names
- Establish baseline metrics for expected group communication patterns and alert on deviations
- Deploy network monitoring to detect unusual message routing patterns to OpenClaw agents
- Review Zalouser allowlist configurations periodically to ensure they reference stable identifiers where possible
How to Mitigate CVE-2026-32975
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.12 or later immediately
- Review current Zalouser allowlist configurations and document all allowlisted groups by their stable identifiers
- Audit recent agent communication logs for potential exploitation attempts
- Consider temporarily disabling the Zalouser allowlist mode until the patch can be applied
Patch Information
The vulnerability is addressed in OpenClaw version 2026.3.12. This release modifies the Zalouser allowlist implementation to match against stable group identifiers rather than mutable display names. Detailed patch information is available in the GitHub Security Advisory and the VulnCheck Advisory.
Workarounds
- If upgrading is not immediately possible, disable the Zalouser allowlist feature until the patch can be applied
- Implement additional network-level controls to restrict which sources can communicate with the OpenClaw agent
- Manually maintain a mapping of allowlisted group names to their stable identifiers and periodically audit for discrepancies
- Consider implementing application-level message validation that verifies group identifiers against a trusted source
# Upgrade OpenClaw to patched version
npm update openclaw@2026.3.12
# Verify installed version
npm list openclaw
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
