CVE-2026-27002

CRITICAL

OpenClaw <2026.2.15 - Privilege Escalation

Title source: llm

Description

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 blocks dangerous sandbox Docker settings and includes runtime enforcement when building `docker create` args; config-schema validation for `network=host`, `seccompProfile=unconfined`, `apparmorProfile=unconfined`; and security audit findings to surface dangerous sandbox docker config. As a workaround, do not configure `agents.*.sandbox.docker.binds` to mount system directories or Docker socket paths, keep `agents.*.sandbox.docker.network` at `none` (default) or `bridge`, and do not use `unconfined` for seccomp/AppArmor profiles.

References (3)

Scores

CVSS v3 9.8
EPSS 0.0006
EPSS Percentile 18.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-250
Status published

Affected Products (2)

npm/openclaw < 2026.2.15npm
openclaw/openclaw < 2026.2.15

Timeline

Published Feb 20, 2026
Tracked Since Feb 20, 2026