Description
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in apply_patch, remove, and mkdir operations to manipulate files between validation and execution.
Published: 2026-04-23
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized File Manipulation
Action: Apply Patch
AI Analysis

Impact

OpenClaw prior to version 2026.3.31 suffers from a Time-of-Check Time-of-Use (TOCTOU) race condition in its sandbox file operations, allowing an attacker to bypass the file-descriptor-based safeguards the sandbox relies on. The apply_patch, remove, and mkdir code paths validate a path in one step and act on it in a separate step, so a local attacker who can change what the path refers to inside that window (typically by substituting a symlink or a different file for the one that was validated) can make the operation land on a file other than the one that was checked. The published CVSS vectors rate the outcome as a high integrity impact with a low availability impact and no confidentiality impact, i.e. unauthorized file manipulation rather than code execution. This weakness is classified as CWE-367.

Affected Systems

All OpenClaw installations running a release older than 2026.3.31 are affected, on every platform where the Node.js runtime hosts the application (the recorded CPE is cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*). The flaw lives in the sandbox file-handling modules that implement the apply_patch, remove, and mkdir operations.

Risk and Exploitability

The CVSS v4.0 score of 4.3 (Medium; the v3.1 vector scores 5.0) reflects a local attack vector, high attack complexity, low privileges required and passive user interaction, and the EPSS score of <1% points to a low probability of exploitation in the near term. The vulnerability is not listed in the CISA KEV catalog and the SSVC record shows Exploitation: none, so there is no evidence of in-the-wild attacks. Exploitation requires an attacker who already has local access, can modify the filesystem the sandbox operates on, and wins a narrow race while a sandboxed apply_patch, remove, or mkdir call is in flight; this inference follows from the check-then-act description together with the AV:L/AC:H vector. The realistic outcome is unauthorized modification of files the sandbox was meant to protect rather than privilege escalation, but timely remediation is still warranted because the bypassed check is the sandbox boundary itself.

Generated by OpenCVE AI on April 28, 2026 at 07:20 UTC.

Remediation

No vendor advisory or workaround is recorded for this entry; the CVE description itself identifies 2026.3.31 as the first fixed release.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.31 or later, the first release the CVE description identifies as fixed.
  • If an upgrade is not immediately possible, keep untrusted input away from the sandbox's apply_patch, remove, and mkdir operations, and do not let untrusted local users write to the directories those operations act on, since the race depends on changing the target between check and act.
  • When hardening sandbox code of your own, collapse the check and the act onto the same object: open the target without following symlinks (O_NOFOLLOW), fstat the resulting descriptor, confirm it is the file that was validated (same device and inode, expected type, inside the sandbox root), and perform the operation through that descriptor instead of re-resolving the path.

Advisories

No advisories yet.

History

Fri, 24 Apr 2026 19:15:00 +0000

Type: Metrics
Values removed: (none)
Values added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 22:15:00 +0000

Type: Description
Values removed: (none)
Values added: OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in apply_patch, remove, and mkdir operations to manipulate files between validation and execution.

Type: Title
Values removed: (none)
Values added: OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations

Type: First Time appeared
Values removed: (none)
Values added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values removed: (none)
Values added: CWE-367

Type: CPEs
Values removed: (none)
Values added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values removed: (none)
Values added: Openclaw; Openclaw openclaw

Type: References
Values removed: (none)
Values added: (none shown)

Type: Metrics
Values removed: (none)
Values added: cvssV3_1
{'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L'}
cvssV4_0
{'score': 4.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-24T18:19:24.482Z

Reserved: 2026-04-20T14:03:06.200Z

Link: CVE-2026-41338

Vulnrichment

Updated: 2026-04-24T16:50:01.754Z

NVD

Status : Analyzed

Published: 2026-04-23T22:16:39.957

Modified: 2026-04-28T18:56:08.813

Link: CVE-2026-41338

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T07:30:26Z

Weaknesses