Description
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.
Published: 2026-05-06
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a time‑of‑check/time‑of‑use race condition (CWE‑367) in the OpenShell sandbox filesystem bridge of OpenClaw. Before a write, the bridge checks that the destination path resolves inside the local mount root, then performs the write by path. Nothing binds the write to the object that was checked, so an attacker who can manipulate the sandbox filesystem can replace a path component with a symlink between the check and the write; the kernel re‑resolves the path at write time and the data lands outside the mount root. The direct effect is an unauthorized file write outside the sandbox; how far that escalates depends on which host files the redirected write can reach.

Affected Systems

All releases of OpenClaw before 2026.4.22 are affected; any deployment using the OpenShell sandbox in those versions is vulnerable. No additional vendor or product subdivisions are listed.

Risk and Exploitability

The CVSS 4.0 base score is 6 (medium); the CVSS 3.1 score is 5.3. Both vectors describe a network‑reachable attacker with low privileges and no user interaction, high attack complexity (the race must be won), and an integrity‑only impact (no confidentiality or availability loss). The EPSS probability is below 1%, and the issue is not listed in the CISA KEV catalog. Successful exploitation lets the attacker write attacker‑controlled content to files outside the intended mount root, which can compromise the host depending on the files reachable by the OpenClaw process.

Generated by OpenCVE AI on May 6, 2026 at 21:29 UTC.

Remediation

No vendor advisory or workaround is linked yet. The description identifies 2026.4.22 as the first unaffected release, so upgrading is the fix.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.22 or later, which eliminates the race condition.
  • Run the OpenClaw process with write access only to the sandbox mount point, so that a redirected write cannot reach sensitive host files even if the race is won.
  • In the bridge, replace check‑then‑write on a path with an open that cannot be redirected: walk the path component by component relative to a directory file descriptor for the mount root and refuse symlinks at every step, or confine the sandbox to its own mount namespace so that no path outside the root is reachable at all.
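The following is an added example, not OpenClaw's code, showing the check‑then‑write pattern described under Impact and the fd‑relative open recommended in the last action above. OpenClaw is a Node.js project; the example is in Python because its `os.open(..., dir_fd=...)` exposes the openat‑style calls the hardened version needs. The sandbox layout, the `work/` subdirectory and the `authorized_keys` target are constructed for the demonstration, and the "attacker wins the race" hook simply runs the symlink swap between the check and the write.

```python
import os
import shutil
import tempfile


def check_inside(root, rel):
    """Path-based check: resolve symlinks and confirm the target is under root."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, rel))
    return target == root_real or target.startswith(root_real + os.sep)


def vulnerable_write(root, rel, data, between_check_and_write=None):
    """CWE-367: check the path, then write by path. The write re-resolves the
    path, so a symlink swapped in after the check redirects it."""
    if not check_inside(root, rel):
        raise PermissionError(rel)
    if between_check_and_write:        # stands in for the attacker winning the race
        between_check_and_write()
    with open(os.path.join(root, rel), "wb") as f:
        f.write(data)


def safe_open_for_write(root, rel):
    """Open rel beneath root without ever following a symlink. Each component is
    opened relative to the directory fd already held, so a swap of any
    component after we passed it cannot change where the final open lands."""
    parts = [p for p in rel.split(os.sep) if p not in ("", ".")]
    if os.path.isabs(rel) or any(p == ".." for p in parts) or not parts:
        raise PermissionError(rel)
    dir_flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    fd = os.open(root, dir_flags)
    try:
        for comp in parts[:-1]:
            nfd = os.open(comp, dir_flags, dir_fd=fd)   # ELOOP if comp is a symlink
            os.close(fd)
            fd = nfd
        return os.open(parts[-1], os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
                       0o644, dir_fd=fd)
    finally:
        os.close(fd)


def safe_write(root, rel, data, before_write=None):
    """No separate check: the open itself is the check, so there is no window."""
    if before_write:                   # attacker swaps first; the walk still refuses
        before_write()
    try:
        fd = safe_open_for_write(root, rel)
    except OSError as e:               # symlink in the path or missing component
        raise PermissionError(rel) from e
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def demo():
    """Returns (vulnerable_write_escaped, safe_write_blocked, target_untouched)."""
    base = tempfile.mkdtemp()
    try:
        root = os.path.join(base, "sandbox")       # constructed mount root
        outside = os.path.join(base, "host")       # constructed host directory
        os.makedirs(os.path.join(root, "work"))
        os.makedirs(outside)
        victim = os.path.join(outside, "authorized_keys")
        open(victim, "wb").close()

        def swap():
            # Attacker replaces sandbox/work with a symlink to the host directory.
            os.rmdir(os.path.join(root, "work"))
            os.symlink(outside, os.path.join(root, "work"))

        vulnerable_write(root, "work/authorized_keys", b"pwned", swap)
        escaped = open(victim, "rb").read() == b"pwned"

        os.remove(os.path.join(root, "work"))      # reset the layout
        os.makedirs(os.path.join(root, "work"))
        open(victim, "wb").close()

        blocked = False
        try:
            safe_write(root, "work/authorized_keys", b"pwned", swap)
        except PermissionError:
            blocked = True
        untouched = open(victim, "rb").read() == b""
        return escaped, blocked, untouched
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the path‑checked write landing in the host directory while the fd‑relative open fails with ELOOP at the swapped component. The hardened version also rejects `..` and absolute paths up front, since those are the other ways a relative path can leave the root.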


Advisories

No advisories yet.

History

Wed, 06 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.
Title OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-367
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-06T19:49:29.626Z

Reserved: 2026-05-05T11:30:46.259Z

Link: CVE-2026-44112

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T20:16:35.057

Modified: 2026-05-06T21:20:52.707

Link: CVE-2026-44112

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T22:15:13Z

Weaknesses