Description
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/sandbox/config-hash.ts` recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw sandbox flows, this hash is used to decide whether existing sandbox containers should be recreated. As a result, order-only config changes (for example Docker `dns` and `binds` array order) could be treated as unchanged and stale containers could be reused. This is a configuration integrity issue affecting sandbox recreation behavior. Starting in version 2026.2.15, array ordering is preserved during hash normalization; only object key ordering remains normalized for deterministic hashing.
Published: 2026-02-19
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Configuration integrity – stale sandbox containers due to ignored order changes
Action: Patch
AI Analysis

Impact

OpenClaw’s sandbox configuration hashing routine previously sorted arrays of only primitive values before generating a hash. Because the order of such arrays was lost, sandbox configurations that differed only in sequence produced identical hash values. The hash is used to decide whether a sandbox container needs to be recreated. As a result, changes that altered only the order of items (such as Docker dns or binds lists) were treated as unchanged, so containers that were still running stale configurations were reused. This flaw allows an attacker who can inject or modify sandbox configuration to cause the system to continue using unintended settings, thereby compromising configuration integrity.
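An added illustration of the hashing defect described above, written for this page and not taken from OpenClaw's `src/agents/sandbox/config-hash.ts`; the two normalizer bodies are assumptions reconstructed from the advisory text (pre-fix: primitive-only arrays sorted; post-fix: only object keys sorted), and the `dns`/`binds` sample configs are constructed.

```typescript
// Added example for CVE-2026-27007; not OpenClaw's own code. The normalizer
// bodies are assumptions reconstructed from the advisory description.
import { createHash } from "crypto";

type Json = null | boolean | number | string | Json[] | { [key: string]: Json };

function isPrimitive(v: Json): boolean {
  return v === null || typeof v !== "object";
}

function sortedKeys(obj: { [key: string]: Json }, norm: (v: Json) => Json): Json {
  const out: { [key: string]: Json } = {};
  for (const k of Object.keys(obj).sort()) out[k] = norm(obj[k]);
  return out;
}

// Vulnerable behaviour (before 2026.2.15): an array holding only primitives is
// sorted, so an order-only change to e.g. `dns` or `binds` disappears from the
// hash input and the stale container is kept.
function normalizeVulnerable(value: Json): Json {
  if (Array.isArray(value)) {
    const items = value.map(normalizeVulnerable);
    return items.every(isPrimitive) ? items.slice().sort() : items;
  }
  if (value !== null && typeof value === "object") {
    return sortedKeys(value as { [key: string]: Json }, normalizeVulnerable);
  }
  return value;
}

// Fixed behaviour (2026.2.15 and later): array order is preserved; only object
// key order is normalized, which is enough for a deterministic hash.
function normalizeFixed(value: Json): Json {
  if (Array.isArray(value)) return value.map(normalizeFixed);
  if (value !== null && typeof value === "object") {
    return sortedKeys(value as { [key: string]: Json }, normalizeFixed);
  }
  return value;
}

function configHash(cfg: Json, normalize: (v: Json) => Json): string {
  return createHash("sha256").update(JSON.stringify(normalize(cfg))).digest("hex");
}

// Recreate the sandbox container only when the config hash changes.
function needsRecreate(oldCfg: Json, newCfg: Json, normalize: (v: Json) => Json): boolean {
  return configHash(oldCfg, normalize) !== configHash(newCfg, normalize);
}

// Constructed sample configs: cfgB differs from cfgA only in array order,
// cfgC differs only in object key order (which should still hash equal).
const cfgA: Json = { dns: ["10.0.0.2", "10.0.0.1"], binds: ["/a:/a", "/b:/b"] };
const cfgB: Json = { dns: ["10.0.0.1", "10.0.0.2"], binds: ["/b:/b", "/a:/a"] };
const cfgC: Json = { binds: ["/a:/a", "/b:/b"], dns: ["10.0.0.2", "10.0.0.1"] };
```

With the vulnerable normalizer `needsRecreate(cfgA, cfgB, ...)` is false even though the DNS resolver order and bind order changed; with the fixed one it is true, while a pure key reorder (`cfgC`) still produces the same hash in both.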

Affected Systems

All installations of OpenClaw running any version before 2026.2.15 are affected. The vendor and product are both OpenClaw; the issue is present until the 2026.2.15 release, which preserves array ordering during hashing.

Risk and Exploitability

The vulnerability has a CVSS score of 4.8, indicating moderate severity, and an EPSS score of less than 1%, suggesting a very low likelihood of exploitation in the wild. It is not listed in the CISA KEV catalog. The attack vector is inferred to be local or internal, requiring the ability to alter sandbox configuration data; an attacker who can change the order of configuration arrays can force the system to continue using stale containers. While the impact is limited to configuration integrity, the effect may be the continued execution of outdated or insecure sandbox instances.

Generated by OpenCVE AI on April 17, 2026 at 17:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw v2026.2.15 or later, which preserves array ordering during hash normalization.
  • Force recreation of existing sandbox containers after the upgrade or whenever configuration order changes may have occurred.
  • Verify that sandbox containers are correctly instantiated with the latest configuration to prevent reuse of stale instances.



Advisories
Source: GitHub GHSA
ID: GHSA-xxvh-5hwj-42pp
Title: OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation
History

Fri, 20 Feb 2026 18:15:00 +0000

Values added:
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Metrics (cvssV3_1): {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Fri, 20 Feb 2026 17:15:00 +0000

Values added:
Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Feb 2026 10:15:00 +0000

Values added:
First Time appeared: Openclaw (vendor), Openclaw openclaw (product)
Vendors & Products: Openclaw (vendor), Openclaw openclaw (product)

Thu, 19 Feb 2026 23:45:00 +0000

Values added:
Description: the CVE description shown at the top of this page
Title: OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation
Weaknesses: CWE-1254
References: (added)
Metrics (cvssV4_0): {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Updated: 2026-02-20T15:37:20.193Z

Reserved: 2026-02-17T03:08:23.489Z

Link: CVE-2026-27007

Vulnrichment

Updated: 2026-02-20T15:26:53.768Z

NVD

Status: Analyzed

Published: 2026-02-20T00:16:17.303

Modified: 2026-02-20T18:04:01.157

Link: CVE-2026-27007

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T17:45:24Z

Weaknesses