CVE-2026-41296
HIGHOpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile
Title source: cnaDescription
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-9p3r-hh9g-5cmg)
https://github.com/openclaw/openclaw/security/advisories/GHSA-9p3r-hh9g-5cmg
Patch patch
Patch Commit
https://github.com/openclaw/openclaw/commit/121870a08583033ed6a0ed73d9ffea32991252bb
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile
https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-toctou-race-in-remote-fs-bridge-readfile
Scores
CVSS v3
8.2
EPSS
0.0020
EPSS Percentile
9.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-367
Status
published
Products (4)
npm/openclaw
0 - 2026.3.31npm
OpenClaw/OpenClaw
< 2026.3.31
openclaw/openclaw
< 2026.3.31
OpenClaw/OpenClaw
2026.3.31
Published
Apr 21, 2026
Tracked Since
Apr 21, 2026