Platform: nodejs
Component: openclaw
Fixed in: 2026.2.24
CVE-2026-27523 describes a sandbox bypass vulnerability in openclaw, a Node.js package. This flaw allows attackers to potentially access sensitive files by exploiting insufficient validation of bind-source paths when symlinks are involved. Versions of openclaw up to and including 2026.2.23 are affected, with a fix planned for release 2026.2.24.
The core of this vulnerability lies in how openclaw validates bind mounts within its sandbox. Specifically, the validateBindMounts function fails to properly canonicalize paths when a symlinked parent directory is used in conjunction with a non-existent leaf path. An attacker can exploit this by crafting a bind mount source that leverages a symlink to a parent directory, followed by a non-existent file path. This bypass allows the attacker to effectively control the path being mounted into the sandbox, potentially granting access to files and directories outside the intended boundaries. The potential impact includes unauthorized access to sensitive data, code execution within the sandbox context, and potentially broader system compromise depending on the sandbox's configuration and privileges.
This vulnerability was publicly disclosed on March 3, 2026. Currently, there is no indication of active exploitation campaigns targeting CVE-2026-27523. The EPSS score is pending evaluation. Public proof-of-concept code is not yet available, but the vulnerability's nature suggests it could be relatively easy to exploit once a PoC is released. Monitor security advisories and vulnerability databases for updates.
Applications and services utilizing openclaw to sandbox untrusted code or processes are at risk. This includes Node.js applications that rely on openclaw for isolation or security. Developers using openclaw in their projects should prioritize patching.
• nodejs / server: npm list openclaw
• nodejs / server: grep -r 'validateBindMounts' /path/to/node_modules/openclaw/
• nodejs / supply-chain: Check package.json for dependencies on vulnerable versions of openclaw.
disclosure
patch
Exploit status
EPSS: 0.05% (16th percentile)
CISA SSVC
The primary mitigation for CVE-2026-27523 is to upgrade to version 2026.2.24 or later once released. As a temporary workaround, restrict the use of symlinks in bind mount sources within your application. Implement strict path validation and sanitization on all user-provided bind mount paths. Consider using a Web Application Firewall (WAF) to filter requests containing suspicious bind mount paths. Monitor your application logs for unusual file access patterns or errors related to bind mounts. After upgrading, confirm the fix by attempting to create a bind mount using a symlinked parent directory and a non-existent leaf path; the operation should be rejected.
Update OpenClaw to version 2026.2.24 or later. This version fixes the sandbox bind validation bypass vulnerability. The update will prevent attackers from evading the blocked-path and allowed-root checks.
CVE-2026-27523 is a HIGH severity vulnerability in openclaw allowing attackers to bypass sandbox restrictions through symlink manipulation, potentially accessing sensitive files.
You are affected if you are using openclaw versions 2026.2.23 or earlier. Upgrade to 2026.2.24 to mitigate the risk.
Upgrade to version 2026.2.24 or later. As a temporary measure, restrict symlink usage and validate bind mount sources.
There are currently no confirmed reports of active exploitation, but the vulnerability's potential impact warrants prompt patching.
Refer to the openclaw project's repository and release notes for the official advisory and details on the fix.