OpenClaw: Malware Can Escape Sandbox with Recent Versions

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.6

OpenClaw: Malware Can Escape Sandbox with Recent Versions

GHSA-9p3r-hh9g-5cmg

Summary

OpenClaw, a software tool, has a security weakness that could allow a hacker to escape the security sandbox and take control of your system. This affects versions of OpenClaw released before March 31, 2023. To fix this, update to the latest version, which is version 2026.3.31 or later.

What to do

Update openclaw to version 2026.3.31.

Affected software

Vendor	Product	Affected versions	Fix available
–	openclaw	<= 2026.3.31	2026.3.31

Original title

OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile

Original description

## Summary
Sandbox escape via TOCTOU race in remote FS bridge readFile

## Current Maintainer Triage
- Normalized severity: critical
- Assessment: v2026.3.28 remote sandbox reads still do path-check then separate file read, so the TOCTOU sandbox escape remains present in the latest shipped tag.

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`

## Fix Commit(s)
- `121870a08583033ed6a0ed73d9ffea32991252bb` — 2026-03-31T09:55:51+09:00

OpenClaw thanks @AntAISecurityLab for reporting.

osv CVSS4.0 8.6

Vulnerability type

CWE-367

Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026