{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T11:06:54.115","vulnerabilities":[{"cve":{"id":"CVE-2026-32302","sourceIdentifier":"security-advisories@github.com","published":"2026-03-13T19:54:41.650","lastModified":"2026-03-24T21:36:21.617","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11."},{"lang":"es","value":"OpenClaw es un asistente personal de IA. Antes de 2026.3.11, las conexiones WebSocket originadas en el navegador podían eludir la validación de origen cuando gateway.auth.mode estaba configurado como trusted-proxy y la solicitud llegaba con encabezados de proxy. Una página servida desde un origen no confiable podía conectarse a través de un proxy inverso confiable, heredar una identidad autenticada por proxy y establecer una sesión de operador privilegiada. \nEsta vulnerabilidad está corregida en 2026.3.11."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.3.11","matchCriteriaId":"4B01F0B5-B0CB-462E-A546-2BA2CACD83D5"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.11","source":"security-advisories@github.com","tags":["Patch","Product"]},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}