CVE-2026-32018
LOWOpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations
Title source: cnaDescription
OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data, resurrect removed entries, or corrupt sandbox state affecting list, prune, and recreate operations.
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
GitHub Security Advisory (GHSA-gq83-8q7q-9hfx)
https://github.com/openclaw/openclaw/security/advisories/GHSA-gq83-8q7q-9hfx
Patch patch
Patch Commit
https://github.com/openclaw/openclaw/commit/cc29be8c9bcdfaecb90f0ab13124c8f5362a6741
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations
https://www.vulncheck.com/advisories/openclaw-race-condition-in-sandbox-registry-write-operations
Scores
CVSS v3
3.6
EPSS
0.0013
EPSS Percentile
3.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-362
Status
published
Products (4)
npm/openclaw
0 - 2026.2.19npm
OpenClaw/OpenClaw
< 2026.2.19
openclaw/openclaw
< 2026.2.19
OpenClaw/OpenClaw
2026.2.19
Published
Mar 19, 2026
Tracked Since
Mar 20, 2026