Impact
The vulnerability is a time‑of‑check/time‑of‑use race condition in the OpenShell sandbox filesystem of OpenClaw. When a file write occurs, the code verifies the intended location but does not prevent a symlink from being swapped in the interim. An attacker can therefore redirect the write operation to any path on the host, allowing modification of files outside the sandbox. This is a CWE‑367 weakness and can lead to unauthorized file writes beyond the intended mount root, compromising the filesystem isolation guarantees of the sandbox.
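The check-then-write pattern described above, next to a descriptor-relative write that refuses symlinks, as an added example (generic POSIX illustration, not OpenClaw's code or its actual fix). All function names are hypothetical, and the `between` hook is a constructed stand-in that makes the race deterministic.

```python
import os
import tempfile

def check_then_write(root, rel, data, between=lambda: None):
    """Check-then-use: validate the resolved path, then reopen it by name."""
    target = os.path.join(root, rel)
    if not os.path.realpath(target).startswith(os.path.realpath(root) + os.sep):
        raise PermissionError("outside mount root")
    between()  # race window; hook is a constructed stand-in for a concurrent swap
    with open(target, "wb") as f:  # the path is resolved a second time here
        f.write(data)

def write_beneath(root, rel, data):
    """Walk from a root directory fd, refusing symlinks at every component."""
    parts = [p for p in rel.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PermissionError("path must stay beneath the root")
    dir_flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    dfd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for name in parts[:-1]:
            nxt = os.open(name, dir_flags, dir_fd=dfd)  # fails on a symlink
            os.close(dfd)
            dfd = nxt
        fd = os.open(parts[-1], os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
                     0o600, dir_fd=dfd)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
    finally:
        os.close(dfd)

def demo():
    base = tempfile.mkdtemp()
    root, host = os.path.join(base, "mount"), os.path.join(base, "host")
    os.makedirs(os.path.join(root, "work"))
    os.makedirs(host)
    def swap():  # replace the checked directory with a link leaving the root
        os.rmdir(os.path.join(root, "work"))
        os.symlink(host, os.path.join(root, "work"))
    check_then_write(root, "work/out.txt", b"data", between=swap)
    escaped = os.path.exists(os.path.join(host, "out.txt"))
    try:
        write_beneath(root, "work/blocked.txt", b"data")
        refused = False
    except OSError:
        refused = True
    return escaped, refused and not os.path.exists(os.path.join(host, "blocked.txt"))

if __name__ == "__main__":
    print(demo())
```

The hardened variant never resolves the full path by name after the check; each component is opened relative to an already-held directory descriptor, so a swapped-in symlink causes the open to fail instead of redirecting the write.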
Affected Systems
All releases of OpenClaw prior to 2026.4.22 that use the OpenShell sandbox are affected. The vulnerability is present in any deployment that employs the legacy OpenShell filesystem bridge for writes. No other vendors or product lines are indicated.
Risk and Exploitability
The CVSS base score of 8.4 reflects high severity. The EPSS score of 2% indicates a very low but non‑zero probability of exploitation, and the issue is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is inferred to be remote: an adversary can supply data that triggers the vulnerable write path from a network or untrusted source. Exploitation would allow the attacker to write arbitrary files outside the intended mount root, potentially breaking the sandbox isolation and affecting host filesystem integrity.