Platform
nodejs
Component
openclaw
Fixed in
2026.2.24
CVE-2026-27523 describes a sandbox bypass vulnerability in openclaw, a Node.js package. Because bind-source paths were not sufficiently validated when symlinks are involved, an attacker could potentially access sensitive files. Versions of openclaw up to and including 2026.2.23 are affected, with a fix planned for release 2026.2.24.
The vulnerability stems from a flaw in validateBindMounts: symlink traversal was not fully canonicalized when a bind source used a symlinked parent and a non-existent leaf path. An attacker could craft a bind source path that uses such a symlink to point outside the intended sandbox boundaries, leading to unauthorized access to files and directories on the host system, potentially including sensitive data or configuration files. The impact is particularly concerning in environments where openclaw is used to isolate untrusted code or processes.
This vulnerability was publicly disclosed on March 3, 2026. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog as of this writing. Given the potential for file system access, it is recommended to prioritize patching.
Exploit Status
EPSS
0.05% (16th percentile)
CISA SSVC
The primary mitigation is to upgrade to version 2026.2.24 or later once it is released. Prior to upgrading, consider restricting the use of symlinks within bind mounts to minimize the attack surface. Implement stricter validation of bind-mount source paths, ensuring that the full path is canonicalized and that the target directory exists. Review and audit existing openclaw configurations to identify potentially exposed bind mounts. While a patch is pending, consider using a WAF to filter requests containing suspicious bind-mount paths.
Update OpenClaw to version 2026.2.24 or later. This version fixes the sandbox bind validation bypass vulnerability. The update will prevent attackers from bypassing allowed-root and blocked-path checks.
CVE-2026-27523 is a HIGH severity vulnerability in openclaw allowing attackers to bypass sandbox restrictions through symlink manipulation, potentially accessing sensitive files.
You are affected if you are using openclaw versions 2026.2.23 or earlier. Upgrade to 2026.2.24 to mitigate the risk.
Upgrade to version 2026.2.24 or later. As a temporary measure, restrict symlink usage and validate bind mount sources.
There are currently no confirmed reports of active exploitation, but the vulnerability's potential impact warrants prompt patching.
Refer to the openclaw project's repository and release notes for the official advisory and details on the fix.