Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
OpenClaw sessions_spawn bypasses sandbox protection in certain setups
GHSA-p7gr-f84w-hqg5
Summary
A vulnerability in OpenClaw allows an attacker to escape a sandboxed environment in certain mixed-agent setups. This could lead to unauthorized access to system resources. To fix this, update to version 2026.3.1 or later.
What to do
- Update openclaw to version 2026.3.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.1 | 2026.3.1 |
Original title
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns
Original description
### Summary
A sandboxed session could use cross-agent `sessions_spawn` to create a child under an agent configured with `sandbox.mode="off"`, downgrading runtime confinement.
### Impact
In mixed-agent setups that allow cross-agent spawning, a sandboxed requester could escape into an unsandboxed child runtime.
### Fix
Spawn-time sandbox inheritance is now enforced: if the requester is sandboxed and the resolved child runtime would be unsandboxed, spawn is rejected.
### Affected and Patched Versions
- Affected: `<= 2026.2.26`
- Patched: `2026.3.1`
A sandboxed session could use cross-agent `sessions_spawn` to create a child under an agent configured with `sandbox.mode="off"`, downgrading runtime confinement.
### Impact
In mixed-agent setups that allow cross-agent spawning, a sandboxed requester could escape into an unsandboxed child runtime.
### Fix
Spawn-time sandbox inheritance is now enforced: if the requester is sandboxed and the resolved child runtime would be unsandboxed, spawn is rejected.
### Affected and Patched Versions
- Affected: `<= 2026.2.26`
- Patched: `2026.3.1`
ghsa CVSS4.0
6.9
Vulnerability type
CWE-269
Improper Privilege Management
CWE-284
Improper Access Control
Published: 2 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026