Description
OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to access arbitrary files outside intended boundaries.
Published: 2026-04-28
Score: 7.6 High (CVSS v4.0; the v3.1 base score recorded for the same issue is 6.8 Medium)
EPSS: n/a
KEV: No
Impact: Remote attackers can read and modify arbitrary files outside the intended sandbox (C:H / I:H)
Action: Patch Immediately
AI Analysis

Impact

OpenClaw versions prior to 2026.3.31 are vulnerable to a sandbox escape: during file synchronization (the "mirror sync" operation named in the CVE description), a symbolic link planted inside the synced tree is followed, so the sync operates on the link target instead of on a path inside the sandbox. A remote actor able to place such a link can read, and per the CVSS vector also write (VI:H), files outside the intended boundary. The weakness is classified as CWE-59, Improper Link Resolution Before File Access ('Link Following'). That is a link-following flaw rather than a classic "../" path traversal (CWE-22), so filtering the path strings an attacker submits does not address it; the check has to happen at the point where the file system resolves the path.

Affected Systems

All OpenClaw releases before 2026.3.31 are affected. The record's CPE (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*) identifies the Node.js package with no lower version bound, so any earlier release should be treated as vulnerable. Deployments should check their installed version and treat 2026.3.31 as the first fixed release, as stated in the CVE description.

Risk and Exploitability

The CVSS v4.0 base score is 7.6 (High); the v3.1 base score for the same issue is 6.8 (Medium). Both vectors are network-reachable (AV:N) with high confidentiality and integrity impact (C:H/I:H, VC:H/VI:H), but they also record low privileges required (PR:L) and high attack complexity (AC:H, with attack requirements AT:P in v4.0): the attacker needs the ability to place a symlink in a tree that OpenClaw will mirror, and the sync must then run against it. No EPSS score has been published and the CVE is not in the CISA KEV catalog. The scope is unchanged (S:U; SC:N/SI:N/SA:N), so the damage is confined to the host running the sync; within that host, though, every file the sync process can read or write is reachable, so the real exposure is set by the privileges of the sync account.

Generated by OpenCVE AI on April 28, 2026 at 23:02 UTC.

Remediation

No vendor advisory or workaround is linked from this record. The CVE description itself names 2026.3.31 as the first release without the flaw, so upgrading is the remediation available from the published information.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw 2026.3.31 or later; this is the only fix identified on the record
  • Until the upgrade is in place, make sure the file sync path does not follow symbolic links inside the sandbox: enumerate entries with lstat rather than stat, reject link entries instead of copying what they point to, and confirm that the canonical (realpath) location of every file touched is still under the sandbox root
  • Review mounted volumes and network shares reachable from the sync process so that no unintended paths are exposed, and run the sync under a least‑privilege account, since whatever a successful escape can read or write is bounded by that account's file permissions


Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:15:00 +0000

Values Removed: (none listed)

Values Added:
Description: OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to access arbitrary files outside intended boundaries.
Title: OpenClaw < 2026.3.31 - Sandbox Escape via Unrestricted File Sync and Symlink Traversal
First Time appeared: Openclaw (vendor), Openclaw openclaw (product)
Weaknesses: CWE-59
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw (vendor), Openclaw openclaw (product)
References: (none listed)
Metrics:
  cvssV3_1: {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}
  cvssV4_0: {'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-28T18:09:56.314Z

Reserved: 2026-04-20T14:13:45.349Z

Link: CVE-2026-41397

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-28T19:37:43.153

Modified: 2026-04-28T20:10:23.367

Link: CVE-2026-41397

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T23:15:43Z

Weaknesses