Skip to main content

OpenClaw CVE-2026-41397

| EUVDEUVD-2026-26105 HIGH
Improper Link Resolution Before File Access (CWE-59)
2026-04-28 VulnCheck GHSA-cwf8-44x6-32c2
7.6
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.6 HIGH
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

8
Re-analysis Queued
Apr 28, 2026 - 20:23 vuln.today
cvss_changed
Analysis Generated
Apr 28, 2026 - 20:05 vuln.today
Severity Changed
Apr 28, 2026 - 19:52 NVD
MEDIUM HIGH
CVSS changed
Apr 28, 2026 - 19:52 NVD
6.8 (MEDIUM) 7.6 (HIGH)
EUVD ID Assigned
Apr 28, 2026 - 19:30 euvd
EUVD-2026-26105
Analysis Generated
Apr 28, 2026 - 19:30 vuln.today
Patch released
Apr 28, 2026 - 19:30 nvd
Patch available
CVE Published
Apr 28, 2026 - 18:09 nvd
HIGH 7.6

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 npm packages depend on openclaw (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.3.31.

DescriptionCVE.org

OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to access arbitrary files outside intended boundaries.

AnalysisAI

Sandbox escape in OpenClaw file synchronization before version 2026.3.31 enables remote authenticated attackers to read and write arbitrary files outside intended boundaries via crafted symlinks during mirror sync operations. The vulnerability exploits CWE-59 (Improper Link Resolution Before File Access) with attack complexity rated High and requires low privileges, indicating targeted exploitation scenarios. Vendor patches available via GitHub commits c02ee8a and 3b9dab0, with CVSS 7.6 reflecting high confidentiality and integrity impact but no availability impact. No active exploitation or public POC identified at time of analysis beyond vendor disclosure.

Technical ContextAI

This vulnerability affects the file synchronization component of OpenClaw (CPE: cpe:2.3:a:openclaw:openclaw), classified as CWE-59 (Improper Link Resolution Before File Access / Link Following). The flaw occurs when OpenClaw's sandbox environment fails to properly validate symbolic links during mirror synchronization operations. When processing sync requests, the application follows symlinks without verifying whether the target path escapes the intended sandbox directory boundaries. This is a classic TOCTOU (Time-of-Check-Time-of-Use) issue where symlink resolution happens after path validation, allowing an attacker to substitute a legitimate path with a symlink pointing to restricted filesystem locations. The CVSS 4.0 vector indicates network-based attack delivery (AV:N), high complexity (AC:H) suggesting specific timing or configuration requirements, and present attack techniques (AT:P) meaning specialized knowledge is needed. The vulnerability impacts confidentiality and integrity (VC:H/VI:H) while leaving availability unaffected (VA:N), with no scope change (SC:N/SI:N/SA:N), indicating the attack remains within the vulnerable component's privileges.

RemediationAI

Upgrade to OpenClaw version 2026.3.31 or later, which contains fixes implemented in GitHub commits c02ee8a3a4cb390b23afdf21317aa8b2096854d1 and 3b9dab0ece4643a9643e6a45459f5c709d3ce320. Review the vendor advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-cwf8-44x6-32c2 for version-specific guidance. If immediate patching is not feasible, implement compensating controls: disable remote access to mirror sync functionality entirely by blocking sync API endpoints at the network perimeter (eliminates AV:N vector but breaks legitimate sync use cases); restrict sync feature access to only essential administrative accounts via RBAC policies (raises PR:L to PR:H, reducing attacker pool); deploy filesystem-level symlink restrictions using mount options like 'nosymfollow' on sync target directories (breaks legitimate symlink use within sync operations); enable audit logging for all sync operations with real-time alerting on sync requests containing symlink paths (detection-focused, does not prevent exploitation but enables incident response). Each mitigation trades functionality for security-coordinate with application owners before implementing.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-41397 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy