PT-2026-25423 — Improper Privilege Management in Npm Openclaw

PT-2026-25423 · Npm · Openclaw

Published

2026-03-03

Updated

2026-03-03

CVSS v3.1

8.0

High

Vector

AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

Sandboxed sessions spawn(runtime="acp") could bypass sandbox inheritance and initialize host-side ACP runtime. The fix now fail-closes ACP spawn from sandboxed requester sessions and rejects sandbox="require" for runtime="acp".

Affected Packages / Versions

Package: openclaw (npm)
Latest published npm version at triage time: 2026.3.1 (March 2, 2026)
Vulnerable range: <=2026.3.1
Patched release: 2026.3.2 (released)

Technical Details

Root cause: runtime="subagent" enforced sandbox inheritance, while runtime="acp" did not enforce equivalent sandbox/runtime checks.
Security impact: sandbox-boundary bypass into host-side ACP initialization.
Fixed behavior:
deny ACP spawn when requester runtime is sandboxed
deny sessions spawn with runtime="acp", sandbox="require"
align sandboxed prompt guidance to avoid advertising blocked ACP paths

Fix Commit(s)

ac11f0af731d41743ba02d8595f4d0fe747336e3
c703aa0fe92df9fb71cf254fc46991e05fba2114

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

GHSA-474H-PRJG-MMW3

Affected Products

Openclaw