The OpenClaw sandbox network isolation bypass allows a trusted operator to join a different container’s network namespace using the docker.network parameter with a container:<id> value. Key detail from CVE description: this technique provides unauthorized access to services within the target container, effectively circumventing network hardening controls. The weakness results in an Access Control Failure, identified as CWE‑284. According to the scoring metadata, the vulnerability carries a CVSS score of 9.3, indicating a high severity that could compromise confidentiality of inter‑container communications and disrupt the isolation guarantees of the platform.

The affected product is OpenClaw, as listed in the CNA vendor record (OpenClaw:OpenClaw). All releases prior to version 2026.2.24 are vulnerable, because the advisory explicitly states “before 2026.2.24”. No sub‑version or patch level is specified, so the entire range of pre‑2026.2.24 builds should be considered at risk. The CPE entry confirms the vulnerability applies to the Node.js implementation of OpenClaw.

Key detail from scores: the CVSS score of 9.3 confirms severe impact, while the EPSS value is marked “not available”, making it difficult to quantify current exploitation prevalence. The KEV catalogue lists this issue as “not listed”, indicating it has not yet been recorded as a known exploited vulnerability by CISA. Based on the description, it is inferred that the attacker must have trusted operator or privileged access to supply the docker.network option; the attack vector is therefore likely local or requires elevated container configuration rights. Once the parameter is set, the attacker can reach services in the target container’s network namespace, potentially facilitating lateral movement or exploitation of services running inside the container.