PT-2026-26017 · Openclaw · Openclaw

Tdjackey · Published 2026-02-24 · Updated 2026-03-19 · CVE-2026-27523

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.24
Description: OpenClaw contains a sandbox bind validation issue that allows attackers to bypass allowed-root and blocked-path checks. The bypass uses a symlinked parent directory combined with a leaf path that does not yet exist. Attackers can create bind source paths that appear to lie within an allowed root but resolve outside the sandbox boundary once the missing leaf components are created, weakening bind-source isolation enforcement. The validateBindMounts function previously applied realpath to the full source path only when that path already existed, so parent symlink traversal was not fully canonicalized before the checks ran. As a result, a source path that appears to be inside an allowed root can resolve outside that root, potentially into blocked runtime paths.
Recommendations: Update OpenClaw to version 2026.2.24 or later.
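To make the check described above concrete, the following is an added illustration (not OpenClaw's code): `naive_is_allowed` reproduces the pattern of canonicalizing the bind source only when the full path exists, and `strict_is_allowed` resolves the deepest existing ancestor before re-appending the missing leaf. The temporary-directory scenario, the symlink name `esc` and all function names are constructed for this example.

```python
import os
import tempfile
from pathlib import Path

# Added example, not OpenClaw's code: a reconstruction of the bind-source check
# pattern the advisory describes, beside a hardened variant.


def _within(path: str, roots: list[str]) -> bool:
    """True if path equals or lies under any of the (canonical) roots."""
    return any(path == r or path.startswith(r.rstrip("/") + "/") for r in roots)


def naive_is_allowed(source: str, allowed: list[str], blocked: list[str]) -> bool:
    """Vulnerable pattern: canonicalize only when the full path already exists.
    A missing leaf under a symlinked parent is judged on its lexical path."""
    resolved = os.path.realpath(source) if os.path.exists(source) else os.path.abspath(source)
    return _within(resolved, allowed) and not _within(resolved, blocked)


def canonicalize_missing_leaf(source: str) -> str:
    """Resolve the deepest existing ancestor (following symlinks), then re-append
    the not-yet-existing trailing components lexically."""
    p = Path(os.path.abspath(source))  # abspath collapses '.' and '..' segments
    missing = []
    while not (p.exists() or p.is_symlink()):
        missing.append(p.name)
        p = p.parent
    return str(Path(os.path.realpath(p)).joinpath(*reversed(missing)))


def strict_is_allowed(source: str, allowed: list[str], blocked: list[str]) -> bool:
    """Hardened check: compare the fully canonicalized source against canonical roots."""
    resolved = canonicalize_missing_leaf(source)
    roots = [os.path.realpath(r) for r in allowed]
    deny = [os.path.realpath(b) for b in blocked]
    return _within(resolved, roots) and not _within(resolved, deny)


def demo() -> tuple[bool, bool]:
    """Constructed scenario in a temp dir: allowed root 'work' holds a symlink
    'esc' pointing outside it; the bind source 'work/esc/newdir' does not exist."""
    base = os.path.realpath(tempfile.mkdtemp())
    root, outside = os.path.join(base, "work"), os.path.join(base, "outside")
    os.makedirs(root)
    os.makedirs(outside)
    os.symlink(outside, os.path.join(root, "esc"))
    source = os.path.join(root, "esc", "newdir")  # leaf does not exist yet
    return naive_is_allowed(source, [root], []), strict_is_allowed(source, [root], [])


if __name__ == "__main__":
    print(demo())  # (True, False): the naive check accepts the escaping path, the strict one rejects it
```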

Fix

Weakness Enumeration

Link Following

Path traversal

Related Identifiers

BDU:2026-05248
CVE-2026-27523
GHSA-M8V2-6WWH-R4GC

Affected Products

Openclaw