PT-2026-26384 · Openclaw · Openclaw
Tdjackey · Published 2026-03-04 · Updated 2026-03-20 · CVE-2026-32002
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.23
Description: The sandboxed image tool does not enforce the tools.fs.workspaceOnly restriction on mounted sandbox paths, allowing attackers to read files outside the designated workspace. Attackers can load restricted mounted images and exfiltrate them through vision model provider requests, bypassing sandbox confidentiality controls. The workspaceOnly setting was enforced in the sandbox file tools and apply patch, but was not propagated to the image tool's sandbox path resolution.
Recommendations: OpenClaw versions prior to 2026.2.23 should be updated to version 2026.2.23 or later.
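The defect pattern the description names is two path resolvers with one of them skipping the workspaceOnly check. The following is an added illustration, not OpenClaw's code: a constructed mount table and a single resolver that applies the workspaceOnly check after mount mapping, shown next to an unchecked resolver of the kind the advisory describes. The config shape, mount table and function names are assumptions for the example.

```typescript
import * as path from "node:path";

// Hypothetical sandbox configuration (not OpenClaw's real schema).
export interface SandboxConfig {
  workspaceRoot: string;          // host directory the agent is meant to see
  mounts: Record<string, string>; // sandbox path prefix -> host directory
  workspaceOnly: boolean;         // stands in for tools.fs.workspaceOnly
}

// Constructed sample: one mount that points outside the workspace.
export const sampleConfig: SandboxConfig = {
  workspaceRoot: "/work",
  mounts: { "/mnt/shared": "/srv/shared" },
  workspaceOnly: true,
};

// True when `target` is `root` or lies beneath it (POSIX semantics, no symlink resolution).
function isWithin(root: string, target: string): boolean {
  const rel = path.posix.relative(root, target);
  return rel === "" || (rel !== ".." && !rel.startsWith("../") && !path.posix.isAbsolute(rel));
}

// Maps a sandbox-visible path to a host path, honouring the mount table.
function mapToHost(cfg: SandboxConfig, sandboxPath: string): string {
  for (const [prefix, hostDir] of Object.entries(cfg.mounts)) {
    if (sandboxPath === prefix || sandboxPath.startsWith(prefix + "/")) {
      return path.posix.resolve(hostDir, path.posix.relative(prefix, sandboxPath));
    }
  }
  return path.posix.resolve(cfg.workspaceRoot, sandboxPath);
}

// "Before" shape: a second resolver that maps mounts but never consults workspaceOnly,
// so a mounted path resolves to a host directory outside the workspace.
export function resolveImagePathUnchecked(cfg: SandboxConfig, sandboxPath: string): string {
  return mapToHost(cfg, sandboxPath);
}

// Hardened shape: every tool resolves through one function, and the check runs on the
// final host path, so mounts and "../" traversal are both caught when workspaceOnly is set.
export function resolveSandboxPath(cfg: SandboxConfig, sandboxPath: string): string {
  const host = mapToHost(cfg, sandboxPath);
  if (cfg.workspaceOnly && !isWithin(cfg.workspaceRoot, host)) {
    throw new Error(`workspaceOnly: ${sandboxPath} resolves outside ${cfg.workspaceRoot}`);
  }
  return host;
}
```

The point of the shared resolver is that a new tool cannot forget the check, which is the propagation gap the advisory describes.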

Fix

Information Disclosure
Improper Access Control

Weakness Enumeration

Related Identifiers
CVE-2026-32002
GHSA-Q6QF-4P5J-R25G

Affected Products
Openclaw