Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.3
OpenClaw allows malicious code to write outside its own folder
GHSA-xvx8-77m6-gwg6
Summary
An outdated version of OpenClaw can be tricked into writing files in the wrong location on your computer. This can happen if an attacker changes the folder structure while OpenClaw is writing a file. To fix this, upgrade to version 2026.3.11 or later of OpenClaw.
What to do
- Update openclaw to version 2026.3.11.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.11 | 2026.3.11 |
Original title
OpenClaw: Sandbox `writeFile` commit could race outside the validated path
Original description
## Summary
In affected versions of `openclaw`, the sandbox fs-bridge `writeFile` commit step used an unanchored container path during the final move into place. An attacker racing parent-path changes inside the sandbox could redirect the committed file outside the validated sandbox path.
## Impact
This is a sandbox boundary bypass. In-sandbox code could win a time-of-check-time-of-use race and cause host-approved `writeFile` operations to land outside the validated writable path within the container mount namespace.
## Affected Packages and Versions
- Package: `openclaw` (npm)
- Affected versions: `< 2026.3.11`
- Fixed in: `2026.3.11`
## Technical Details
The hardening work for anchored remove, rename, and mkdir operations did not fully cover the `writeFile` commit path. The final `mv` still used the raw target path, leaving a race window between safety revalidation and the in-container commit step.
## Fix
OpenClaw now anchors the `writeFile` commit path to the canonical parent directory before the final move. The fix shipped in `[email protected]`.
## Workarounds
Upgrade to `2026.3.11` or later.
In affected versions of `openclaw`, the sandbox fs-bridge `writeFile` commit step used an unanchored container path during the final move into place. An attacker racing parent-path changes inside the sandbox could redirect the committed file outside the validated sandbox path.
## Impact
This is a sandbox boundary bypass. In-sandbox code could win a time-of-check-time-of-use race and cause host-approved `writeFile` operations to land outside the validated writable path within the container mount namespace.
## Affected Packages and Versions
- Package: `openclaw` (npm)
- Affected versions: `< 2026.3.11`
- Fixed in: `2026.3.11`
## Technical Details
The hardening work for anchored remove, rename, and mkdir operations did not fully cover the `writeFile` commit path. The final `mv` still used the raw target path, leaving a race window between safety revalidation and the in-container commit step.
## Fix
OpenClaw now anchors the `writeFile` commit path to the canonical parent directory before the final move. The fix shipped in `[email protected]`.
## Workarounds
Upgrade to `2026.3.11` or later.
ghsa CVSS3.1
6.3
Vulnerability type
CWE-367
Published: 13 Mar 2026 · Updated: 14 Mar 2026 · First seen: 13 Mar 2026