Description
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set to off, bypassing runtime confinement restrictions.
Published: 2026-03-21
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Sandbox escape allowing unsandboxed child runtime creation
Action: Patch immediately
AI Analysis

Impact

OpenClaw versions older than 2026.3.1 permit sandboxed sessions to invoke the cross‑agent sessions_spawn operation without enforcing sandbox inheritance. The vulnerability is coded as a logic issue (CWE‑732) that enables the creation of child processes whose sandbox mode is explicitly set to off, thereby bypassing runtime confinement restrictions and exposing the host to code execution beyond the intended sandbox limits.

Affected Systems

All OpenClaw deployments running any version earlier than 2026.3.1 are affected; the concerned product is OpenClaw by the OpenClaw vendor.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.7, indicating high severity. No EPSS score is reported and it is not listed in the CISA KEV catalog, but it could still be exploited where a sandboxed session can reach a cross‑agent sessions_spawn endpoint, as inferred from the description. An attacker possessing a sandboxed session can potentially cause the host to launch runtime processes with unrestricted privileges, leading to significant confidentiality and integrity risks.

Generated by OpenCVE AI on March 21, 2026 at 06:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.1 or later to restore sandbox inheritance enforcement
  • Verify that all cross‑agent sessions_spawn calls enforce sandbox inheritance in your configuration
  • Re‑evaluate any unsandboxed agents to confirm they are not reachable by sandboxed sessions for process creation

Generated by OpenCVE AI on March 21, 2026 at 06:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-p7gr-f84w-hqg5 OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns
History

Tue, 24 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set to off, bypassing runtime confinement restrictions.
Title OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-732
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T13:43:24.405Z

Reserved: 2026-03-10T19:48:47.514Z

Link: CVE-2026-32048

cve-icon Vulnrichment

Updated: 2026-03-24T13:43:05.377Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T01:17:07.510

Modified: 2026-03-24T19:13:59.783

Link: CVE-2026-32048

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:33:26Z

Weaknesses