CVE-2026-27646

MEDIUM

OpenClaw <2026.3.7 - Sandbox Escape

Title source: llm

Description

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat context into host-side ACP session initialization when ACP is enabled.

References (3)

[Vendor Advisory] https://github.com/openclaw/openclaw/security/advisories/GHSA-9q36-67vc-rrwg

[Patch] https://github.com/openclaw/openclaw/commit/61000b8e4ded919ca1a825d4700db4cb3fdc56e3

View Patch ZIP pw:eip

[Third Party Advisory] https://vulncheck.com/advisories/openclaw-mar-sandbox-escape-via-acp-spawn-command

Scores

CVSS v3 6.1

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (4)

npm/openclaw 0 - 2026.3.7npm

openclaw/openclaw < 2026.3.7

OpenClaw/OpenClaw < 2026.3.7

OpenClaw/OpenClaw 2026.3.7

Published Mar 23, 2026

Tracked Since Mar 24, 2026