Description
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files.
Published: 2026-04-20
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized file read via sandbox escape
Action: Patch immediately
AI Analysis

Impact

OpenClaw, before version 2026.3.31, has a time‑of‑check, time‑of‑use race condition in the remote filesystem bridge readFile function that lets attackers bypass sandbox restrictions. By exploiting the separate path validation and file read operations, a malicious actor can read arbitrary files, exposing confidential data and potentially enabling further privilege escalation. The weakness is classified as CWE‑367.

Affected Systems

The vulnerability affects the OpenClaw product, specifically all releases prior to 2026.3.31. No additional sub‑version details are provided, so any deployment of OpenClaw older than 2026.3.31 is considered vulnerable.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity level. While no EPSS score is available and the vulnerability is not currently listed in CISA KEV, the nature of the flaw allows remote exploitation through the exposed readFile interface. Attackers can craft requests that trigger the race condition to read files outside the sandbox boundary, potentially exposing sensitive information. The primary attack vector is inferred to be remote, as the function is part of the remote filesystem bridge, but a local attacker could also target the sandbox if they control the environment.

Generated by OpenCVE AI on April 21, 2026 at 15:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply OpenClaw version 2026.3.31 or later to eliminate the race condition
  • If an immediate update is not feasible, disable or restrict access to the remote filesystem bridge readFile functionality to prevent unauthorized reads
  • Ensure that file permissions and sandbox boundaries are strictly configured so that even validated requests cannot access privileged files
  • Monitor logs for anomalous readFile activity and implement rate limiting to mitigate potential brute‑force attempts

Generated by OpenCVE AI on April 21, 2026 at 15:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-9p3r-hh9g-5cmg OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile
History

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files.
Title OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-367
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-21T19:49:41.570Z

Reserved: 2026-04-20T14:01:13.151Z

Link: CVE-2026-41296

cve-icon Vulnrichment

Updated: 2026-04-21T16:02:59.206Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T00:16:29.993

Modified: 2026-04-27T15:06:33.037

Link: CVE-2026-41296

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T15:45:07Z

Weaknesses