PT-2026-26389 · Openclaw · Openclaw

Tdjackey · Published 2026-03-03 · Updated 2026-03-20 · CVE-2026-32007

CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.23
Description: The experimental apply-patch tool in OpenClaw does not consistently enforce the workspace-only check on mounted paths when sandbox mode is enabled. Other filesystem tools resolve a sandbox path and then assert that the result lies under the workspace root; the apply-patch sandbox flow calls sandbox.bridge.resolvePath(...) without that assertion. An attacker with sandbox access can therefore direct a patch at a writable mount outside the workspace root and read or modify files the workspace-only check was meant to protect, up to arbitrary files on the host where such a mount exposes them. The issue only affects configurations in which sandbox mode, the experimental apply-patch tool, workspace-only expectations, and writable mounts outside the workspace are all enabled.
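To make the mechanism concrete, the following is an added example and not OpenClaw's code: a toy sandbox bridge with the workspace mounted at one path and a second writable mount outside the workspace root, a resolver that maps sandbox paths to host paths, and the apply-patch target resolution written once without and once with the workspace-root assertion that the advisory says the other filesystem tools apply. The mount layout and every name (WORKSPACE_ROOT, MOUNTS, resolvePath, assertInsideWorkspace, the applyPatchTarget* functions) are constructed for illustration.

```javascript
// Added example, not OpenClaw code. All names and the mount layout below are
// hypothetical and constructed to show the missing workspace-root assertion.

// Constructed sandbox configuration: the workspace is mounted at /workspace,
// and an operator has also mounted a host directory, writable, at /mnt/secrets.
const WORKSPACE_ROOT = "/workspace";
const MOUNTS = [
  { containerPath: "/workspace", hostPath: "/home/user/project", writable: true },
  { containerPath: "/mnt/secrets", hostPath: "/home/user/.ssh", writable: true },
];

// Minimal POSIX normalisation: drop empty and "." segments, resolve "..".
// Using this instead of node:path keeps the example free of imports.
function normalizePosix(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Stand-in for a sandbox bridge resolver: relative paths are taken against the
// workspace mount point, then the longest matching mount maps the sandbox path
// to a host path. Note that it happily resolves paths on ANY mount.
function resolvePath(sandboxPath) {
  const absolute = sandboxPath.startsWith("/")
    ? normalizePosix(sandboxPath)
    : normalizePosix(WORKSPACE_ROOT + "/" + sandboxPath);
  let best = null;
  for (const m of MOUNTS) {
    const hit = absolute === m.containerPath || absolute.startsWith(m.containerPath + "/");
    if (hit && (!best || m.containerPath.length > best.containerPath.length)) best = m;
  }
  if (!best) throw new Error(`no mount for ${absolute}`);
  return {
    sandboxPath: absolute,
    hostPath: best.hostPath + absolute.slice(best.containerPath.length),
    writable: best.writable,
  };
}

// Vulnerable flow, the pattern the advisory describes: the tool trusts whatever
// the bridge resolves, so a patch aimed at /mnt/secrets/... lands on the host.
function applyPatchTargetUnchecked(filePath) {
  return resolvePath(filePath).hostPath;
}

// Hardened flow: assert on the normalised sandbox path, before trusting the
// mount mapping, that the target lies under the workspace root. The
// trailing-slash comparison stops "/workspace2/x" from passing as a prefix hit.
function assertInsideWorkspace(resolved) {
  const p = resolved.sandboxPath;
  if (p !== WORKSPACE_ROOT && !p.startsWith(WORKSPACE_ROOT + "/")) {
    throw new Error(`workspace-only: ${p} is outside ${WORKSPACE_ROOT}`);
  }
  return resolved;
}

function applyPatchTargetChecked(filePath) {
  return assertInsideWorkspace(resolvePath(filePath)).hostPath;
}

// Demonstration on constructed inputs.
for (const target of ["src/app.ts", "../mnt/secrets/authorized_keys", "/mnt/secrets/authorized_keys"]) {
  const unchecked = applyPatchTargetUnchecked(target);
  let checked;
  try { checked = applyPatchTargetChecked(target); } catch (e) { checked = `REJECTED (${e.message})`; }
  console.log(`${target}\n  unchecked -> ${unchecked}\n  checked   -> ${checked}`);
}
```

Both the relative traversal (`../mnt/secrets/...`) and the absolute path into the other mount resolve to a host file under `~/.ssh` in the unchecked flow and are rejected by the checked one, because the assertion runs on the normalised sandbox path rather than on the caller's string. On a real filesystem the same check must also resolve symlinks (realpath) before the prefix comparison, since a link inside the workspace can point at a path outside it.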
Recommendations: Update OpenClaw to version 2026.2.23 or later.

Fix

Weakness Enumeration

Path traversal
Improper Access Control
Incorrect Authorization

Related Identifiers

CVE-2026-32007
GHSA-H9XM-J4QG-FVPG

Affected Products

Openclaw