Executive Summary
A critical-severity authorization bypass vulnerability (CVE-2026-32975, CVSS 9.8) has been disclosed in OpenClaw versions prior to 2026.3.12. The flaw is in OpenClaw's Zalouser allowlist mode, which validates channel authorization by matching group display names rather than stable group identifiers. Since display names are mutable and not unique, an attacker can create a new group with a name identical to an allowlisted group, route messages through it, and bypass authorization controls to access protected channels.
CVSS Score: 9.8 (Critical)
Published to the NVD on March 29, 2026, this vulnerability undermines channel-level access controls in any OpenClaw deployment using Zalouser in allowlist mode.
Vulnerability Overview
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-32975 |
| CVSS Score | 9.8 (Critical) |
| CWE | CWE-863: Incorrect Authorization |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Vulnerable Component | Zalouser allowlist mode — group authorization logic |
| Root Cause | Authorization checks display name (mutable) instead of stable group ID |
Affected Products
| Vendor | Product | Affected Versions | Fixed Version |
|---|---|---|---|
| OpenClaw | OpenClaw | All versions before 2026.3.12 | 2026.3.12 |
Vulnerability Details
Mutable Display Name Authorization Flaw
OpenClaw's Zalouser component provides channel-based message routing with an allowlist mode that restricts which groups can send messages to protected channels. The allowlist should be enforced using stable, immutable group identifiers — such as internal group IDs or UUIDs. Instead, the Zalouser implementation compares group display names (human-readable labels that can be changed by users with the appropriate permissions).
Because display names are not unique and can be duplicated:
- An attacker identifies the display name of an allowlisted group (e.g., admins)
- The attacker creates a new group with the identical display name admins
- When the attacker's group routes a message, Zalouser matches the display name against the allowlist and incorrectly authorizes the request
- Messages are routed to the protected channel despite the sending group not being the intended allowlisted group
Attack flow:
1. Attacker obtains the display name of an allowlisted group (e.g., via enumeration)
2. Attacker creates a new group: displayName = "admins" (or other allowlisted name)
3. Attacker routes a message to a protected channel via the spoofed group
4. Zalouser checks: group.displayName == allowlist entry → TRUE (false positive)
5. Channel authorization is bypassed; message is delivered to the protected channel
6. Attacker may exfiltrate channel content or inject rogue messages
Impact of Successful Exploitation
Successful exploitation allows an attacker to:
- Bypass channel authorization — send messages to channels restricted to specific allowlisted groups
- Inject rogue messages — plant content, commands, or instructions in protected channels
- Exfiltrate channel data — read replies or trigger agent workflows that expose sensitive information
- Escalate privileges via channel commands — if protected channels accept command messages, arbitrary commands can be injected
- Disrupt agent coordination — interfere with legitimate group-to-channel workflows
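The two comparisons at the heart of this flaw, as an added example that is not OpenClaw's own code: the display-name check the advisory describes beside a check on the stable group ID, both run against a constructed look-alike group. Channel names, group IDs and display names are assumed.

```typescript
// Added example (not OpenClaw's own code): the display-name check the advisory
// describes, beside the stable-ID check the fix is described as using.
// Channel names, group IDs and display names below are constructed.

interface Group {
  id: string;          // stable identifier assigned by the platform
  displayName: string; // mutable, user-editable label
}

interface Message {
  channel: string;
  sender: Group;
}

// Allowlists keyed by protected channel.
const allowlistByName: Record<string, string[]> = { "ops-alerts": ["admins"] };
const allowlistById: Record<string, string[]> = { "ops-alerts": ["grp_000123"] };

// Vulnerable pattern (CWE-863): authorizes on the mutable display name,
// so any group that happens to carry the name "admins" is accepted.
function authorizeByDisplayName(msg: Message): boolean {
  const allowed = allowlistByName[msg.channel] ?? [];
  return allowed.includes(msg.sender.displayName);
}

// Hardened pattern: authorizes on the stable group ID and ignores the
// display name entirely, so a look-alike group is rejected.
function authorizeByGroupId(msg: Message): boolean {
  const allowed = allowlistById[msg.channel] ?? [];
  return allowed.includes(msg.sender.id);
}

// Constructed fixture: the genuine allowlisted group and a later-created
// group whose display name was set to the same label.
const realAdmins: Group = { id: "grp_000123", displayName: "admins" };
const lookalikeAdmins: Group = { id: "grp_987654", displayName: "admins" };

function compareChecks(sender: Group): { byName: boolean; byId: boolean } {
  const msg: Message = { channel: "ops-alerts", sender };
  return { byName: authorizeByDisplayName(msg), byId: authorizeByGroupId(msg) };
}

// Look-alike group: byName is true (false positive), byId is false.
console.log("look-alike:", compareChecks(lookalikeAdmins));
// Genuine group: both checks return true.
console.log("genuine:", compareChecks(realAdmins));
```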
Deployment Context and Risk
Zalouser allowlist mode is typically used in environments where multiple groups share an OpenClaw deployment and channel isolation is a security requirement. Any such deployment is affected.
| Deployment Context | Risk Level | Notes |
|---|---|---|
| Multi-tenant OpenClaw deployments | Critical | Cross-group channel access with any low-privilege account |
| Enterprise agent platforms | Critical | Protected workflow channels can be injected into |
| CI/CD pipeline integrations | High | Build or deployment channels may accept injected commands |
| Internal chat integrations | High | Sensitive channels exposed to spoofed group routing |
Recommended Mitigations
1. Upgrade Immediately
Upgrade to OpenClaw 2026.3.12, which patches Zalouser to compare stable group identifiers (e.g., internal group IDs) instead of mutable display names.
```shell
# Upgrade OpenClaw to 2026.3.12 or later
```
2. Audit Existing Group Display Names
Before patching, audit your deployment for any groups with display names that duplicate allowlisted group names:
1. Export full group list from your OpenClaw/Zalo environment
2. Identify all groups whose display names match any Zalouser allowlist entry
3. Investigate whether any such duplicate groups were created by unauthorized users
4. Rename or remove unauthorized groups immediately
3. Restrict Group Creation Permissions
Limit which users can create new groups or modify group display names to prevent future spoofing.
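The audit in mitigation 2 (step 2 of that procedure), as an added example that is not OpenClaw's code: it scans a constructed group export for allowlisted display names carried by more than one group and lists the later-created ones for investigation. The export record fields and all sample values are assumptions.

```typescript
// Added example (not OpenClaw's own code): audit an exported group list for
// display names that collide with Zalouser allowlist entries. The export
// record shape and all sample values are constructed for this example.

interface ExportedGroup {
  id: string;
  displayName: string;
  createdBy: string;
  createdAt: string; // ISO 8601
}

interface Finding {
  displayName: string;     // the allowlisted name that is ambiguous
  groups: ExportedGroup[]; // every group carrying it, oldest first
}

// Report each allowlisted display name that more than one group carries;
// under name-based matching every such group would be authorized.
function auditDuplicateNames(groups: ExportedGroup[], allowlist: string[]): Finding[] {
  const wanted = new Set(allowlist);
  const byName = new Map<string, ExportedGroup[]>();
  for (const g of groups) {
    if (!wanted.has(g.displayName)) continue;
    byName.set(g.displayName, [...(byName.get(g.displayName) ?? []), g]);
  }
  return [...byName.entries()]
    .filter(([, gs]) => gs.length > 1)
    .map(([displayName, gs]) => ({
      displayName,
      groups: [...gs].sort((a, b) => a.createdAt.localeCompare(b.createdAt)),
    }));
}

// Constructed export: the genuine "admins" group, a later look-alike created
// by a different account, and an unrelated group.
const sampleExport: ExportedGroup[] = [
  { id: "grp_000123", displayName: "admins", createdBy: "it-ops", createdAt: "2025-01-10T09:00:00Z" },
  { id: "grp_987654", displayName: "admins", createdBy: "contractor7", createdAt: "2026-03-20T14:32:00Z" },
  { id: "grp_000777", displayName: "marketing", createdBy: "it-ops", createdAt: "2025-02-01T09:00:00Z" },
];

const findings = auditDuplicateNames(sampleExport, ["admins", "release-managers"]);
for (const f of findings) {
  // The oldest group is usually the legitimate one; newer ones need investigation.
  const later = f.groups.slice(1).map((g) => `${g.id} (by ${g.createdBy} at ${g.createdAt})`);
  console.log(`"${f.displayName}" is carried by ${f.groups.length} groups; investigate: ${later.join(", ")}`);
}
```

Feed it the real export and the live allowlist; each finding's later-created groups are the candidates for step 3 (investigation) and step 4 (rename or remove).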
4. Monitor for Exploitation Indicators
| Indicator | Description |
|---|---|
| Duplicate group display names matching allowlisted groups | Potential spoofing setup |
| Messages from unexpected groups in protected channels | Exploitation in progress |
| Zalouser authorization logs showing new group IDs for allowlisted names | Mutable name mismatch detection |
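The third indicator above, as added detection logic that is not OpenClaw's code: it parses constructed Zalouser authorization log lines and flags allowed events where an allowlisted name resolved to a group ID outside a known-good baseline. The key=value log format, the field names and all values are assumptions.

```typescript
// Added example (not OpenClaw's own code): detection logic for the third
// indicator above, run over constructed Zalouser authorization log lines.
// The key=value log format, field names and all values are assumed.

interface AuthEvent {
  ts: string;
  channel: string;
  groupId: string;
  groupName: string;
  result: string;
}

// Parse one "<ts> zalouser auth k=v k=v ..." line; anything else yields null.
function parseAuthLine(line: string): AuthEvent | null {
  const m = line.match(/^(\S+) zalouser auth (.*)$/);
  if (!m) return null;
  const f: Record<string, string> = {};
  for (const kv of m[2].split(/\s+/)) {
    const i = kv.indexOf("=");
    if (i > 0) f[kv.slice(0, i)] = kv.slice(i + 1);
  }
  if (!f.channel || !f.group_id || !f.group_name || !f.result) return null;
  return { ts: m[1], channel: f.channel, groupId: f.group_id, groupName: f.group_name, result: f.result };
}

// Known-good group ID(s) for each allowlisted display name (constructed baseline).
const baseline: Record<string, string[]> = { admins: ["grp_000123"] };

// Flag allowed events where an allowlisted name resolved to an ID outside the
// baseline: the name matched, but the group behind it is not the expected one.
function detectNameIdMismatch(lines: string[]): AuthEvent[] {
  const hits: AuthEvent[] = [];
  for (const line of lines) {
    const ev = parseAuthLine(line);
    if (!ev || ev.result !== "allow") continue;
    const known = baseline[ev.groupName];
    if (known !== undefined && !known.includes(ev.groupId)) hits.push(ev);
  }
  return hits;
}

// Constructed log: genuine allow, look-alike allow, an unrelated deny, a non-auth line.
const sampleLog: string[] = [
  "2026-03-21T10:01:58Z zalouser auth channel=ops-alerts group_id=grp_000123 group_name=admins result=allow",
  "2026-03-21T10:02:11Z zalouser auth channel=ops-alerts group_id=grp_987654 group_name=admins result=allow",
  "2026-03-21T10:02:40Z zalouser auth channel=ops-alerts group_id=grp_000777 group_name=marketing result=deny",
  "2026-03-21T10:03:05Z zalouser heartbeat ok",
];

const alerts = detectNameIdMismatch(sampleLog);
for (const a of alerts) console.log(`ALERT ${a.ts} ${a.channel}: "${a.groupName}" allowed from unexpected ${a.groupId}`);
```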
Post-Remediation Checklist
- Upgrade to 2026.3.12 — confirm the stable ID-based authorization logic is active
- Audit group display names — identify and remove any spoofed groups
- Review protected channel message history — check for unauthorized messages injected before patching
- Restrict group management permissions — apply principle of least privilege
- Rotate channel credentials or tokens if unauthorized access to protected channels is confirmed