Description
OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths.
Published: 2026-05-05
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions released before 2026.4.10 allow a sandboxed agent to override the execution routing logic by specifying a host parameter value of node. This enables an attacker to redirect the agent’s commands to an arbitrary remote node, effectively bypassing the intended sandbox boundaries. The weakness corresponds to CWE‑863, indicating improper implementation of authority control. If exploited, the attacker can execute privileged commands outside the sandbox, jeopardizing the confidentiality, integrity, and availability of the affected system.

Affected Systems

The product impacted is OpenClaw, a node.js–based platform. Version numbers from 2026.4.5 through 2026.4.9 contain the flaw. Users running any of these releases are affected, and should verify their installed version against the listed range.

Risk and Exploitability

The CVSS score of 8.7 highlights a high severity scenario. While an EPSS score is not available, the lack of immediate public exploit discussion does not diminish the risk: the vulnerability removes critical access controls. The KEV status is not listed, but the affected version range suggests that the issue is readily exploitable via crafted input in the host parameter. Attackers would need to trigger the exec routing logic within a sandboxed environment, which can be achieved by supplying a host value set to node as part of a normal API request.

Generated by OpenCVE AI on May 5, 2026 at 12:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.10 or later, which removes the host parameter override from exec routing.
  • If a timely upgrade is not possible, disable or tightly control the host parameter in the configuration to prevent arbitrary node selection.
  • Verify that any third‑party integrations or scripts do not allow users to supply arbitrary host values to the exec routing endpoint, and remove such functionality.

Generated by OpenCVE AI on May 5, 2026 at 12:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-736r-jwj6-4w23 OpenClaw: Sandboxed agents could escape exec routing via host=node override
History

Tue, 05 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 05 May 2026 11:45:00 +0000

Type Values Removed Values Added
Description OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths.
Title OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-863
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-05T12:24:59.341Z

Reserved: 2026-04-27T11:40:07.152Z

Link: CVE-2026-42434

cve-icon Vulnrichment

Updated: 2026-05-05T12:24:55.106Z

cve-icon NVD

Status : Received

Published: 2026-05-05T12:16:17.767

Modified: 2026-05-05T12:16:17.767

Link: CVE-2026-42434

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T14:00:06Z

Weaknesses