PT-2026-26419 · Openclaw +1

Tdjackey

Published 2026-03-02 · Updated 2026-03-20 · CVE-2026-32038

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.24

Description: OpenClaw contains a sandbox network isolation bypass that allows a trusted operator to join another container's network namespace. An attacker with that operator-level configuration access can set the docker.network parameter to a container:<id> value, which places the sandbox in the target container's network namespace and lets it reach services there, bypassing the network hardening controls. The root cause is that validation rejects only host network mode and forwards every other value, container:<id> included, to the Docker create arguments. This issue requires a trusted-operator configuration path and is not an unauthenticated remote exploit. The practical impact depends on the deployment and is higher when the target container exposes privileged or internal network reachability.

Recommendations: For versions prior to 2026.2.24, block namespace-join network modes, including container:<id>, for sandbox containers, and maintain a strict allowlist of safe network modes.

Weakness Enumeration

Improper Access Control
Protection Mechanism Failure

Related Identifiers

CVE-2026-32038
GHSA-WW6V-V748-X7G9

Affected Products

Docker
Openclaw