Severity (CVSS 4.0): 8.7

OpenClaw: Insecure Hashing Used for Docker Sandbox Configuration

CVE-2026-28479 GHSA-fh3f-q9qw-93j9
Summary

Versions of OpenClaw <= 2026.2.14 use a deprecated and insecure hash algorithm, potentially allowing unauthorized access to sandboxed containers. This has been fixed in version 2026.2.15. Update to the latest version to ensure secure sandbox configuration.

What to do
  • Update steipete openclaw to version 2026.2.15.
Affected software
| Vendor   | Product  | Affected versions | Fix available |
|----------|----------|-------------------|---------------|
| steipete | openclaw | <= 2026.2.14      | 2026.2.15     |
Original title
OpenClaw replaced a deprecated sandbox hash algorithm
Original description
## Affected Packages / Versions
- npm package: `openclaw`
- Affected versions: `<= 2026.2.14`
- Fixed version (pre-set): `2026.2.15`

## Description
The sandbox identifier cache key for Docker/browser sandbox configuration used SHA-1 to hash normalized configuration payloads.

SHA-1 is deprecated for cryptographic use and has known collision weaknesses. In this code path, deterministic IDs are used to decide whether an existing sandbox container can be reused safely. A collision in this hash could let one configuration be interpreted as another under the same sandbox cache identity, increasing the risk of cache poisoning and unsafe sandbox state reuse.

The implementation now uses SHA-256 for these deterministic hashes to restore collision resistance for this security-relevant identifier path.

## Fix Commit(s)
- `559c8d993`

## Release Process Note
`patched_versions` is pre-set to `2026.2.15` for the next release. After that release is published, mark this advisory ready for publication.

Thanks @kexinoh (of Tencent zhuque Lab, via https://github.com/Tencent/AI-Infra-Guard) for reporting.
NVD CVSS 3.1: 7.5
NVD CVSS 4.0: 8.7
Vulnerability type
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-328 Use of Weak Hash
Published: 19 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026