EUVD-2026-36614

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...

EUVD-2026-21128

OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where sessionstatus resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked...

CVE-2026-35636

OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where sessionstatus resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked...

CVE-2026-35636

OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where sessionstatus resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked...

CVE-2026-35636

OpenClaw 2026.3.11–2026.3.24 contains a session isolation bypass where session_status resolves sessionId to canonical session keys before visibility checks, allowing sandboxed child sessions to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions. The descr...

PT-2026-31771

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.3.11 through 2026.3.24 Description OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass. The session status function resolves sessionId to canonical session keys before enforcing visibility...

CVE-2026-27646

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...

PT-2026-27223

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...

CVE-2026-32048

OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...

OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions

Summary Sandboxed requester sessions could reach host-side ACP session initialization through /acp spawn. OpenClaw already blocked sessionsspawn runtime: "acp" from sandboxed sessions, but the slash-command path initialized ACP directly without applying the same host-runtime guard first. Affected...

GHSA-9Q36-67VC-RRWG OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions

Summary Sandboxed requester sessions could reach host-side ACP session initialization through /acp spawn. OpenClaw already blocked sessionsspawn runtime: "acp" from sandboxed sessions, but the slash-command path initialized ACP directly without applying the same host-runtime guard first. Affected...

OpenClaw: Sandboxed sessions_spawn(runtime="acp") bypassed sandbox inheritance and allowed host ACP initialization

Summary Sandboxed sessionsspawnruntime="acp" could bypass sandbox inheritance and initialize host-side ACP runtime. The fix now fail-closes ACP spawn from sandboxed requester sessions and rejects sandbox="require" for runtime="acp". Affected Packages / Versions - Package: openclaw npm - Latest...

GHSA-474H-PRJG-MMW3 OpenClaw: Sandboxed sessions_spawn(runtime="acp") bypassed sandbox inheritance and allowed host ACP initialization

Summary Sandboxed sessionsspawnruntime="acp" could bypass sandbox inheritance and initialize host-side ACP runtime. The fix now fail-closes ACP spawn from sandboxed requester sessions and rejects sandbox="require" for runtime="acp". Affected Packages / Versions - Package: openclaw npm - Latest...

GHSA-P7GR-F84W-HQG5 OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns

Summary A sandboxed session could use cross-agent sessionsspawn to create a child under an agent configured with sandbox.mode="off", downgrading runtime confinement. Impact In mixed-agent setups that allow cross-agent spawning, a sandboxed requester could escape into an unsandboxed child runtime...