OpenClaw: Non-owner operator can run code outside intended workspace

GHSA-2rqg-gjgv-84jm
Summary

A security issue in OpenClaw allows a non-owner operator to run code outside the intended workspace, potentially accessing sensitive files or tools. This could compromise the security of the system. Update to version 2026.3.11 or later to fix the issue.

What to do
  • Update openclaw to version 2026.3.11.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.8 | 2026.3.11 |
Original title
OpenClaw: Gateway `agent` calls could override the workspace boundary
Original description
### Summary

The public gateway `agent` RPC allowed an authenticated operator with `operator.write` to supply attacker-controlled `spawnedBy` and `workspaceDir` values. That let the caller re-root the agent run outside its configured workspace boundary.

### Impact

A non-owner operator could escape the intended workspace boundary and run normal file and exec tools from an arbitrary process-accessible directory.

### Affected versions

`openclaw` `<= 2026.3.8`

### Patch

Fixed in `openclaw` `2026.3.11` and included in later releases such as `2026.3.12`. The gateway now enforces the configured workspace boundary for agent runs regardless of caller-supplied overrides.
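To illustrate the class of bug the advisory describes, here is an added example (not OpenClaw's own code; every name in it is a hypothetical stand-in) showing a request resolver that trusts caller-supplied `spawnedBy`/`workspaceDir` overrides beside a hardened version in which the server's configured workspace root stays authoritative and any requested subdirectory is checked for containment before the run is rooted there.

```typescript
import * as path from "node:path";

// Hypothetical parameter shape for a gateway "agent" RPC (names assumed).
interface AgentRunParams {
  task: string;
  spawnedBy?: string;    // caller-supplied origin label
  workspaceDir?: string; // caller-supplied working directory
}

interface AgentRunContext {
  spawnedBy: string;
  workspaceDir: string;
}

// Vulnerable pattern: caller-supplied values silently replace the configured
// workspace root and origin, so an operator with write access can re-root the
// run into any process-accessible directory.
function resolveRunContextVulnerable(
  configuredWorkspace: string, callerId: string, params: AgentRunParams,
): AgentRunContext {
  return {
    spawnedBy: params.spawnedBy ?? callerId,
    workspaceDir: params.workspaceDir ?? configuredWorkspace,
  };
}

// Hardened pattern: origin comes from the authenticated caller, and a requested
// workspaceDir is honoured only if it normalises to the configured root or a
// subdirectory of it. Absolute paths and ".." climbs are rejected.
function resolveRunContextHardened(
  configuredWorkspace: string, callerId: string, params: AgentRunParams,
): AgentRunContext {
  const root = path.resolve(configuredWorkspace);
  const requested = params.workspaceDir === undefined
    ? root
    : path.resolve(root, params.workspaceDir); // normalises "." and ".."
  const rel = path.relative(root, requested);
  // rel is "" for the root itself; anything starting with ".." or an absolute
  // path (different drive on Windows) lies outside the boundary.
  const escapes = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (escapes) {
    throw new Error(`workspaceDir ${JSON.stringify(params.workspaceDir)} is outside the configured workspace`);
  }
  return { spawnedBy: callerId, workspaceDir: requested };
}
```

The containment check is purely lexical; a production resolver should also canonicalise both sides with `fs.realpath` so a symlink inside the workspace cannot point the run elsewhere.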
CVSS 3.1 (GHSA): 8.8
Vulnerability type
CWE-668
Published: 13 Mar 2026 · Updated: 14 Mar 2026 · First seen: 13 Mar 2026