
A New OpenClaw Vulnerability Lets Anyone Hijack Your Gateway Through Any Installed Plugin


April 1, 2026. 3 min read. By Andres. Updated April 1, 2026.

Every plugin you install on OpenClaw opens a door. As of yesterday, one of those doors didn't have a lock.

TL;DR: CVE-2026-32916, published March 31, 2026, affects OpenClaw versions 2026.3.7 through 2026.3.10. Any plugin's subagent routes can be exploited by a remote attacker -- no login required -- to delete sessions and execute agents on your gateway. The fix is one version bump: update to 2026.3.11. If you're running a vulnerable version, do it now.

What Happened?

OpenClaw plugins get their own routes -- think of them as side doors into your gateway that the plugin uses to do its job. Normally, those doors are supposed to check who's knocking before letting anyone in.

Here's the thing. The way plugin subagent routes were built, they ran through a synthetic operator client -- basically a backstage pass with broad administrative access. So when a request came in through a plugin route, the system treated it like it came from someone with the keys to the whole building.

That means a remote attacker, with no credentials at all, could hit a plugin route and use it to call privileged gateway functions. Session deletion. Agent execution. Actions that should require full admin access, available to anyone who knew the right URL.
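As an added illustration (not OpenClaw's code; every name and token below is hypothetical), a minimal gateway model in JavaScript shows the confused-deputy shape described above: a plugin route that always acts through a synthetic operator client, beside a version that resolves the caller's own credential before any privileged gateway function is reached.

```javascript
// Constructed model of a gateway with one privileged operation. Each call
// demands a caller holding the "operator" scope and records an audit entry.
function makeGateway() {
  const sessions = new Map([["s1", { owner: "alice" }], ["s2", { owner: "bob" }]]);
  const audit = [];
  function requireOperator(client) {
    if (!client || !client.scopes.includes("operator")) {
      throw new Error("forbidden: operator scope required");
    }
  }
  return {
    sessions,
    audit,
    deleteSession(client, id) {
      requireOperator(client);
      audit.push(`delete ${id} by ${client.subject}`);
      return sessions.delete(id);
    },
  };
}

// Vulnerable pattern: the route never looks at who sent the request. Every
// call runs through a synthetic operator client, so the gateway's own scope
// check passes for an anonymous caller (the "backstage pass").
function vulnerablePluginRoute(gateway, req) {
  const synthetic = { subject: "plugin:subagent", scopes: ["operator"] };
  gateway.deleteSession(synthetic, req.params.sessionId);
  return { status: 200 };
}

// Fixed pattern: the caller's credential is resolved first and passed through
// unchanged, so the privileged call sees the real caller, not a stand-in.
// TOKENS/authenticate are a constructed stand-in for the gateway's token check.
const TOKENS = {
  "tok-operator": { subject: "alice", scopes: ["operator"] },
  "tok-viewer": { subject: "carol", scopes: ["read"] },
};
function authenticate(req) { return TOKENS[req.headers.authorization] || null; }

function fixedPluginRoute(gateway, req) {
  const client = authenticate(req);
  if (!client) return { status: 401 }; // no credential: stop here
  try {
    gateway.deleteSession(client, req.params.sessionId);
    return { status: 200 };
  } catch (e) {
    return { status: 403 }; // authenticated but not operator-scoped
  }
}
```

The audit log in the fixed version names the real subject, which is also what makes such calls detectable; the vulnerable version would attribute every deletion to the synthetic client.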

The vulnerability was published yesterday -- March 31, 2026, at 11:17 UTC. It affects versions 2026.3.7 through 2026.3.10. It's patched in 2026.3.11. No known exploitation has been confirmed yet, but the window is open.

Why Should You Care?

Two reasons. First, this isn't about some obscure edge case. If you've installed any plugin -- and most OpenClaw users have -- you had an exploitable route sitting on your gateway. The more plugins you run, the more side doors existed.

Second, the severity rating is contested. RedPacket Security scored it at CVSS 7.7 (High). TheHackerWire rated it 9.4 (Critical). The NVD hasn't weighed in yet. That kind of discrepancy usually means the attack complexity is debatable -- but the impact isn't. Whether it's a 7.7 or a 9.4, an unauthenticated attacker running commands on your gateway is a bad day.

This is the twelfth OpenClaw CVE in roughly two weeks. The pattern isn't slowing down. If you're self-hosting, you need to treat version checks as routine maintenance -- not something you do when something breaks.

What To Do Right Now

  1. Check your version. If you're running 2026.3.7 through 2026.3.10, you're exposed. Update to 2026.3.11 today.
  2. Audit your plugins. Know what you have installed and whether each plugin is actively maintained. Every plugin adds routes -- every route is a potential surface.
  3. Set a version-check cadence. Once a week, verify you're on the latest patch. The CVE pace right now demands it.
