CVE-2026-32970 — OpenClaw before 2026.3.11 contains a credential fallback vulnerability where…

March 31, 2026 12:27 /HIGH

vulnerabilitycvephishingidentity

🚨 CVE-2026-32970 OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CLI and helper paths to select incorrect credential sources, potentially bypassing intended local authentication boundaries.

🎖@cveNotify

Found this interesting? Follow us on LinkedIn to stay ahead.

Follow Shimi Cohen Follow Shimi's Cyber World