CVE-2026-32046

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.21

Description The software contains an improper sandbox configuration that could allow attackers to execute arbitrary code. This is achieved by exploiting renderer-side issues without needing to escape the sandbox. The OS-level sandbox protections within the Chromium browser container are disabled, enabling code execution on the host system.

Recommendations Update OpenClaw to version 2026.2.21 or later.

Fix

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693CWE-1188

Related Identifiers

CVE-2026-32046

GHSA-43X4-G22P-3HRQ

GHSA-Q94V-V6M9-JHQ9

Affected Products

Openclaw

CVE-2026-32046

Weakness Enumeration

Related Identifiers

Affected Products

References · 10