Description
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve outside sandbox boundaries once missing leaf components are created, weakening bind-source isolation enforcement.
Published: 2026-03-18
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sandbox Escape
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability that permits attackers to bypass allowed-root and blocked-path checks by exploiting symlinked parent directories combined with non-existent leaf components. Because bind source paths originally appear inside sandbox roots but resolve to locations outside the sandbox once missing leaf components are created, the application’s isolation enforcement is weakened. This enables an attacker to read, write, or execute files outside the intended sandbox boundaries, effectively escaping the sandbox and potentially gaining elevated privileges or compromising system integrity. The weakness corresponds to CWE-22, which deals with path traversal and file disclosure errors.

Affected Systems

The affected product is OpenClaw (vendor OpenClaw). All releases prior to 2026.2.24 are vulnerable. The product is listed under CPE "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*".

Risk and Exploitability

The vulnerability has a CVSS score of 6.9, indicating moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack would likely require the attacker to influence the bind source paths used by OpenClaw, suggesting local or privileged access is necessary. However, the vulnerability renders the sandbox less reliable, increasing risk if an attacker gains control of any component that can configure bind paths.

Generated by OpenCVE AI on March 18, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch from commit b5787e4 to upgrade OpenClaw to 2026.2.24 or later
  • Verify that bind source path validation is functioning correctly in your environment
  • Consider adding custom validation to reject symlinked parent directories with missing leaf components
  • Perform testing to confirm sandbox isolation remains intact

Generated by OpenCVE AI on March 18, 2026 at 03:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-m8v2-6wwh-r4gc OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths
History

Wed, 18 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve outside sandbox boundaries once missing leaf components are created, weakening bind-source isolation enforcement.
Title OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-22
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-18T15:39:13.563Z

Reserved: 2026-02-19T22:12:33.923Z

Link: CVE-2026-27523

cve-icon Vulnrichment

Updated: 2026-03-18T15:39:10.242Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-18T02:16:23.420

Modified: 2026-03-18T20:04:53.963

Link: CVE-2026-27523

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:53:35Z

Weaknesses