Detections
Analytics

CVE-2026-44112

high

Description

OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.

References

https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes

https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj

https://www.databreachtoday.com/patched-openclaw-flaw-let-hackers-hijack-ai-agents-a-31720

https://www.securityweek.com/claw-chain-openclaw-flaws-allow-sandbox-escape-backdoor-delivery/

https://thehackernews.com/2026/05/four-openclaw-flaws-enable-data-theft.html

https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76

Details

Source: Mitre, NVD

Published: 2026-05-06

Updated: 2026-05-13

Named Vulnerability: Claw Chain

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.6

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 8.4

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H

Severity: High

EPSS

EPSS: 0.00024