PT-2026-25423 · Npm · Openclaw

Publicado

2026-03-03

·

Atualizado

2026-03-03

CVSS v3.1

8.0

Alta

VetorAV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

Sandboxed sessions spawn(runtime="acp") could bypass sandbox inheritance and initialize host-side ACP runtime. The fix now fail-closes ACP spawn from sandboxed requester sessions and rejects sandbox="require" for runtime="acp".

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published npm version at triage time: 2026.3.1 (March 2, 2026)
  • Vulnerable range: <=2026.3.1
  • Patched release: 2026.3.2 (released)

Technical Details

  • Root cause: runtime="subagent" enforced sandbox inheritance, while runtime="acp" did not enforce equivalent sandbox/runtime checks.
  • Security impact: sandbox-boundary bypass into host-side ACP initialization.
  • Fixed behavior:
  • deny ACP spawn when requester runtime is sandboxed
  • deny sessions spawn with runtime="acp", sandbox="require"
  • align sandboxed prompt guidance to avoid advertising blocked ACP paths

Fix Commit(s)

  • ac11f0af731d41743ba02d8595f4d0fe747336e3
  • c703aa0fe92df9fb71cf254fc46991e05fba2114

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

GHSA-474H-PRJG-MMW3

Produtos afetados

Openclaw