
OpenClaw Browser Container Sandbox Bypass Exposes Host System to Attackers

CVE-2026-32046
Summary

Versions of OpenClaw before 2026.2.21 run the Chromium browser container with its OS-level sandbox protections disabled. As a result, an attacker who exploits a renderer-side vulnerability can execute arbitrary code on the host system without needing a separate sandbox escape. To stay safe, upgrade to OpenClaw 2026.2.21 or later.

Original title
OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requ...
Original description
OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the Chromium browser container to achieve code execution on the host system.
NVD CVSS 3.1: 5.3
NVD CVSS 4.0: 4.8
Vulnerability type
CWE-1188
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026