EUVD-2026-17388
GHSA-j69p-564m-x3gh
CVSS Vector
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Description
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes outside the intended validated path before the final guarded replace step executes.
Analysis
Sandbox escape in OpenClaw (before version 2026.3.11) allows local authenticated users to write arbitrary files outside validated directories via a TOCTOU race condition during staged file writes. The fs-bridge component fails to anchor temporary file operations to verified parent directories, enabling attackers to manipulate path aliases between validation and execution phases. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all OpenClaw deployments and identify systems running versions prior to 2026.3.11; verify authentication access controls for local user accounts. Within 7 days: Implement host-based file integrity monitoring on OpenClaw temporary file directories and restrict local user privileges where operationally feasible; engage vendor for patch timeline. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today