OpenClaw Sandbox Bypass in Pre-2026.3.1 Versions

CVE-2026-32048
Summary

Versions of OpenClaw before 2026.3.1 have a security flaw that allows a malicious user to bypass security restrictions when creating new processes. This could lead to unauthorized access and potentially serious security breaches. If you're using an affected version, update to 2026.3.1 or later to fix the issue.

Original title
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents....
Original description
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set to off, bypassing runtime confinement restrictions.
NVD CVSS 3.1: 7.5
NVD CVSS 4.0: 7.7
Vulnerability type
CWE-732 Incorrect Permission Assignment for Critical Resource
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026