PT-2026-27223 · Openclaw · Openclaw

Tdjackey · Published 2026-03-09 · Updated 2026-03-23 · CVE-2026-27646

CVSS v3.1: 6.1 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.7

Description: A sandbox escape issue exists in OpenClaw. Authorized sandboxed sessions can initialize the host-side ACP runtime through the '/acp spawn' command. When ACP is enabled, an attacker can bypass sandbox restrictions by invoking the '/acp spawn' slash-command to move from a sandboxed chat context into host-side ACP session initialization. The issue stems from a missing host-runtime guard in the /acp spawn handler, which lets sandboxed requesters initialize ACP directly. The vulnerable code is located in src/agents/acp-spawn.ts and src/auto-reply/reply/commands-acp/lifecycle.ts; the /acp spawn command and the initializeSession() function are involved in the exploitation.

Recommendations: Versions prior to 2026.3.7 should be updated to version 2026.3.7 or later.
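The weakness class described above, a slash-command handler that starts a host-side session without checking whether the requester sits inside the sandbox, can be modelled in a few lines. The following is an added illustration written for this advisory, not OpenClaw's own code: the types, the `acpSpawnUnguarded`/`acpSpawnGuarded` handlers, the `dispatch` helper and the `initializeHostSession` stand-in are all hypothetical. It places the vulnerable shape (feature flag checked, requester origin never checked) beside the hardened shape (the host-runtime guard runs before any host-side state is created) and routes both through the same command-dispatch path a chat message would take.

```typescript
// Added example for the advisory above. All names are hypothetical
// stand-ins, not OpenClaw's actual identifiers.

export interface RequesterContext {
  sessionId: string;
  sandboxed: boolean;   // true when the chat session runs inside the sandbox
  acpEnabled: boolean;  // host-side setting: the ACP feature is switched on
}

export type SpawnResult =
  | { ok: true; hostSessionId: string }
  | { ok: false; reason: string };

// Hypothetical stand-in for host-side session initialization. In the real
// bug this is the step a sandboxed requester must never reach.
let hostSessionCounter = 0;
function initializeHostSession(ctx: RequesterContext): string {
  hostSessionCounter += 1;
  return `host-${ctx.sessionId}-${hostSessionCounter}`;
}

// Vulnerable shape: only the feature flag is checked, so a sandboxed
// requester is allowed straight through to host-side initialization.
export function acpSpawnUnguarded(ctx: RequesterContext): SpawnResult {
  if (!ctx.acpEnabled) {
    return { ok: false, reason: "acp disabled" };
  }
  return { ok: true, hostSessionId: initializeHostSession(ctx) };
}

// Hardened shape: the host-runtime guard is evaluated before any
// host-side state is touched, and it is evaluated in the handler itself
// rather than relying on the caller to have filtered the request.
export function acpSpawnGuarded(ctx: RequesterContext): SpawnResult {
  if (!ctx.acpEnabled) {
    return { ok: false, reason: "acp disabled" };
  }
  if (ctx.sandboxed) {
    return {
      ok: false,
      reason: "host-runtime command refused from a sandboxed session",
    };
  }
  return { ok: true, hostSessionId: initializeHostSession(ctx) };
}

// Minimal slash-command dispatcher so the guard is exercised from the
// same entry point a chat message takes ("/acp spawn" -> handler).
export type Handler = (ctx: RequesterContext, args: string[]) => SpawnResult;

export function dispatch(
  line: string,
  ctx: RequesterContext,
  handlers: Record<string, Handler>,
): SpawnResult {
  const [cmd, sub, ...rest] = line.trim().split(/\s+/);
  const key = sub ? `${cmd} ${sub}` : cmd;
  const handler = handlers[key];
  if (!handler) {
    return { ok: false, reason: `unknown command ${key}` };
  }
  return handler(ctx, rest);
}

// Constructed demo: the same sandboxed request against both handlers.
const sandboxedRequester: RequesterContext = {
  sessionId: "chat-42",
  sandboxed: true,
  acpEnabled: true,
};
console.log(dispatch("/acp spawn", sandboxedRequester, { "/acp spawn": acpSpawnUnguarded }));
console.log(dispatch("/acp spawn", sandboxedRequester, { "/acp spawn": acpSpawnGuarded }));
```

The design point is that the origin check lives inside the command handler that crosses the sandbox boundary, not in a caller further up: any new entry point that reaches the handler (another slash-command alias, an automated reply path) inherits the guard without having to remember it.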

Fix

Weakness Enumeration

Incorrect Authorization
Improper Access Control
Protection Mechanism Failure

Related Identifiers

CVE-2026-27646
GHSA-9Q36-67VC-RRWG

Affected Products

Openclaw