EUVD-2026-17388

🗓️ 31 Mar 2026 12:31:36Reported by EUVDType

Sandbox boundary bypass in OpenClaw before 2026.3.11 allows writing outside the validated path during fs-bridge staged writes.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2026-32988	31 Mar 202611:17	–	attackerkb
Circl	CVE-2026-32988	31 Mar 202612:25	–	circl
CNNVD	OpenClaw 安全漏洞	31 Mar 202600:00	–	cnnvd
CNVD	OpenClaw has an unspecified vulnerability (CNVD-2026-17184)	10 Apr 202600:00	–	cnvd
CVE	CVE-2026-32988	31 Mar 202611:17	–	cve
Cvelist	CVE-2026-32988 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation	31 Mar 202611:17	–	cvelist
NVD	CVE-2026-32988	31 Mar 202612:16	–	nvd
OSV	MINI-4GR5-579C-73VP	5 Apr 202618:27	–	osv
Positive Technologies	PT-2026-29235	31 Mar 202600:00	–	ptsecurity
Snyk	Time-of-check Time-of-use (TOCTOU) Race Condition	13 Mar 202615:48	–	snyk

[
  {
    "enisaIdVendor": [
      {
        "id": "999106c7-8c75-334b-b154-65206d0d1ab7",
        "vendor": {
          "name": "OpenClaw"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "999106c7-8c75-334b-b154-65206d0d1ab7",
        "product": {
          "name": "OpenClaw"
        },
        "product_version": ""
      },
      {
        "id": "a73a0958-3c0b-3848-a59c-c39eed7a90d3",
        "product": {
          "name": "OpenClaw"
        },
        "product_version": "0 <2026.3.11"
      }
    ]
  }
]

Source	Link
github	www.github.com/openclaw/openclaw/security/advisories/GHSA-mj4p-rc52-m843
vulncheck	www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-unvalidated-temporary-file-creation
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-32988

31 Mar 2026 12:31Current

5.9Medium risk

Vulners AI Score5.9

CVSS 45.8

CVSS 3.17.5

EPSS0.00015

SSVC