HIGHCVE-2026-41296Published 2026-04-20Modified 2026-04-21CNA VulnCheck

CVE-2026-41296: OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files.

CVSS v4.0: 8.8
Severity: HIGH
Fixed in: 2026.3.31
Affected Products: 1

Fix available

2026.3.31

Patch commits

Patch Commit

Affected packages

OpenClaw / OpenClaw
< 2026.3.31 (from 0)
Fixed in 2026.3.31

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

References

GitHub Security Advisory (GHSA-9p3r-hh9g-5cmg)
Patch Commit
VulnCheck Advisory: OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile

Metrics

Fix available