CVE-2026-41296

critical

Description

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files.

References

https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-toctou-race-in-remote-fs-bridge-readfile

https://github.com/openclaw/openclaw/security/advisories/GHSA-9p3r-hh9g-5cmg

https://github.com/openclaw/openclaw/commit/121870a08583033ed6a0ed73d9ffea32991252bb

Details

Source: Mitre, NVD

Published: 2026-04-21

Updated: 2026-04-21

Risk Information

CVSS v2

Base Score: 6.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 8.2

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Severity: High

CVSS v4

Base Score: 9.4

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

Severity: Critical