PT-2026-29233 · Openclaw · Openclaw
Qi Deng · Published 2026-03-13 · Updated 2026-03-31
CVE-2026-32977
CVSS v3.1: 6.3 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.11
Description
The software contains a sandbox boundary bypass issue in the fs-bridge writeFile commit step. This is due to the use of an unanchored container path during the final move operation, creating a time-of-check-time-of-use race condition. An attacker can modify parent paths within the sandbox to redirect committed files outside the validated writable path within the container mount namespace.
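The check-then-move pattern described above, run against a temporary directory as an added example (this is not OpenClaw's code or its actual fix). The names `open_dir_anchored`, `write_file` and `simulate` are hypothetical, and anchoring the final move to the directory file descriptor that was validated is one general mitigation for this class of race. It assumes Linux or another POSIX system where Python's `os.rename` accepts `src_dir_fd` and `dst_dir_fd`.

```python
import os
import tempfile

def open_dir_anchored(root_fd, rel_path):
    """Check step: walk rel_path from root_fd, refusing symlinks and '..'."""
    fd = os.dup(root_fd)
    try:
        for part in rel_path.split("/"):
            if part in ("", ".", ".."):
                raise ValueError("unsafe path component")
            nxt = os.open(part, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=fd)
            os.close(fd)
            fd = nxt
        return fd
    except BaseException:
        os.close(fd)
        raise

def write_file(root, rel_dir, name, data, anchored, race_window=lambda: None):
    """Stage data at <root>/.tmp-commit, then move it to <rel_dir>/<name>."""
    if "/" in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    root_fd, dir_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY), None
    try:
        dir_fd = open_dir_anchored(root_fd, rel_dir)  # time of check
        tmp_fd = os.open(".tmp-commit", os.O_WRONLY | os.O_CREAT | os.O_EXCL,
                         0o600, dir_fd=root_fd)
        with os.fdopen(tmp_fd, "wb") as f:
            f.write(data)
        race_window()  # whatever happens between the check and the move
        if anchored:   # time of use: destination is the directory fd that was checked
            os.rename(".tmp-commit", name, src_dir_fd=root_fd, dst_dir_fd=dir_fd)
        else:          # time of use: destination path string is resolved again
            os.rename(f"{root}/.tmp-commit", f"{root}/{rel_dir}/{name}")
    finally:
        os.close(root_fd)
        if dir_fd is not None:
            os.close(dir_fd)

def simulate(anchored):
    """Constructed case: 'work' is swapped for a symlink in the race window."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as outside:
        os.mkdir(os.path.join(root, "work"))
        def swap_parent():
            os.rename(os.path.join(root, "work"), os.path.join(root, "work.orig"))
            os.symlink(outside, os.path.join(root, "work"))
        write_file(root, "work", "out.txt", b"data", anchored, swap_parent)
        return os.path.exists(os.path.join(outside, "out.txt"))  # True = escaped
```

With the anchored move the file lands in the directory that was validated, even though that directory has since been renamed. With the path-based move it follows whatever the path points to at commit time.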
Recommendations
Update to version 2026.3.11 or later.
Fix
Time Of Check To Time Of Use
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw