Description
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes outside the intended validated path before the final guarded replace step executes.
Published: 2026-03-31
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Escalated File System Access
Action: Apply Patch
AI Analysis

Impact

OpenClaw versions before 2026.3.11 allow attackers to bypass sandbox boundaries by constructing temporary files during staged writes without associating them with a verified parent directory. This race condition lets an adversary write arbitrary data outside the intended, validated path before the final replacement step occurs, potentially enabling the insertion of malicious code or alteration of critical files. The weakness lies in improper handling of temporary file creation, leading to unauthorized file system writes.
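The "pinning to a verified parent directory" the description refers to can be shown concretely. The following is an added example written for this page, not OpenClaw's fs-bridge code: it sketches a staged write (create temporary file, populate it, replace the target) in which every step is performed relative to a directory descriptor obtained after the parent was verified, so a later change to the parent path's alias cannot redirect the temporary file. OpenClaw runs on Node.js, whose fs module does not expose openat-style relative operations, so the pattern is shown in C, where the OS primitives (openat, renameat, O_NOFOLLOW) are directly available. Function names, the /tmp scratch directory and the sample content are constructed for this illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Verify the sandbox parent once and keep the descriptor. The fd names the
 * directory inode, not the path string, so re-pointing a path component
 * (an alias swapped for another directory) cannot redirect operations done
 * relative to it. O_NOFOLLOW refuses a symlink as the final component and
 * O_DIRECTORY refuses anything that is not a directory. */
int open_verified_parent(const char *parent)
{
    int dirfd = open(parent, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dirfd < 0)
        return -1;
    struct stat st;
    if (fstat(dirfd, &st) != 0 || !S_ISDIR(st.st_mode)) {
        close(dirfd);
        return -1;
    }
    return dirfd;
}

/* Staged write pinned to dirfd: temp file creation, population and the final
 * replace are all relative to the same verified directory. Only a single
 * path component is accepted as the target name. Returns 0 on success. */
int staged_write_pinned(int dirfd, const char *name, const char *data, size_t len)
{
    if (name[0] == '\0' || strchr(name, '/') != NULL ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return -1;
    char tmp[512];
    if (snprintf(tmp, sizeof tmp, ".%s.tmp.%ld", name, (long)getpid()) >= (int)sizeof tmp)
        return -1;
    /* O_EXCL: fail rather than reuse a pre-placed file under the temp name;
     * O_NOFOLLOW: never follow a symlink planted there. */
    int fd = openat(dirfd, tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    size_t off = 0;
    while (off < len) {
        ssize_t n = write(fd, data + off, len - off);
        if (n < 0) {
            close(fd);
            unlinkat(dirfd, tmp, 0);
            return -1;
        }
        off += (size_t)n;
    }
    int ok = fsync(fd) == 0;
    if (close(fd) != 0)
        ok = 0;
    if (!ok || renameat(dirfd, tmp, dirfd, name) != 0) {
        unlinkat(dirfd, tmp, 0);
        return -1;
    }
    return 0;
}

/* Self-contained check: a throwaway directory under /tmp stands in for the
 * sandbox root (constructed for this example). Returns 1 when the staged
 * write lands inside the pinned directory with its bytes intact and a
 * symlink alias placed beside it is refused as a parent. */
int demo_pinned_write(void)
{
    char root[] = "/tmp/pinned-write-XXXXXX";
    if (mkdtemp(root) == NULL)
        return 0;
    int dirfd = open_verified_parent(root);
    if (dirfd < 0) {
        rmdir(root);
        return 0;
    }
    const char *payload = "config=ok\n"; /* constructed sample content */
    int ok = 0;
    if (staged_write_pinned(dirfd, "settings.txt", payload, strlen(payload)) == 0) {
        int fd = openat(dirfd, "settings.txt", O_RDONLY | O_NOFOLLOW);
        if (fd >= 0) {
            char buf[64] = {0};
            ssize_t n = read(fd, buf, sizeof buf - 1);
            ok = n == (ssize_t)strlen(payload) && memcmp(buf, payload, (size_t)n) == 0;
            close(fd);
        }
    }
    /* An alias that re-points the parent elsewhere must not be accepted. */
    char alias[sizeof root + 8];
    snprintf(alias, sizeof alias, "%s/alias", root);
    if (symlinkat("/", dirfd, "alias") == 0) {
        int bad = open_verified_parent(alias);
        if (bad >= 0) {
            close(bad);
            ok = 0;
        }
        unlinkat(dirfd, "alias", 0);
    }
    unlinkat(dirfd, "settings.txt", 0);
    close(dirfd);
    rmdir(root);
    return ok;
}

int main(void)
{
    printf("%s\n", demo_pinned_write() ? "pinned staged write ok" : "failed");
    return 0;
}
```

Compile and run on Linux; the demo reports whether the pinned write round-tripped and the symlink alias was rejected. The point is where the check lives: verification yields a descriptor, and nothing after it trusts the path string again, which is what closes the window between the validation and the guarded replace.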

Affected Systems

All installations of OpenClaw with a version earlier than 2026.3.11 are vulnerable. The affected software component sits on the Node.js platform, and the flaw exists in the fs-bridge logic that manages file writes within the application’s sandbox.

Risk and Exploitability

With a CVSS score of 5.8, the vulnerability presents a moderate risk. Exploitation requires the attacker to trigger the race condition during the temporary-file creation phase, which may be achieved by manipulating input that causes parent-path alias changes. While the vulnerability is not listed in the CISA KEV catalog and EPSS data is unavailable, the attack path involves local or possibly remote code execution if the sandbox is exposed to untrusted inputs. The risk is therefore significant enough to warrant patching before an exploit is seen in the wild.

Generated by OpenCVE AI on March 31, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply OpenClaw 2026.3.11 or later patch

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 13:15:00 +0000

No values removed. Values added:

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 11:45:00 +0000

No values removed. Values added:

  • Description: OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes outside the intended validated path before the final guarded replace step executes.
  • Title: OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation
  • First time appeared: Openclaw (openclaw)
  • Weaknesses: CWE-367
  • CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  • Vendors & Products: Openclaw (openclaw)
  • References: (none)
  • Metrics: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H'}
  • Metrics: cvssV4_0 {'score': 5.8, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

  • Status: PUBLISHED
  • Assigner: VulnCheck
  • Published:
  • Updated: 2026-03-31T12:17:25.720Z
  • Reserved: 2026-03-17T11:31:56.957Z
  • Link: CVE-2026-32988

Vulnrichment

  • Updated: 2026-03-31T12:17:21.744Z

NVD

  • Status: Received
  • Published: 2026-03-31T12:16:30.047
  • Modified: 2026-03-31T12:16:30.047
  • Link: CVE-2026-32988

Redhat

  • No data.

OpenCVE Enrichment

  • Updated: 2026-03-31T20:38:57Z

Weaknesses