5 matches found

CVE
added 2026/03/23 9:36 p.m. | 3 views

CVE-2026-27646

OpenClaw up to version 2026.3.7 is affected by a sandbox escape in the /acp spawn command. Authorized sandboxed sessions can cross from the sandbox chat context into host-side ACP session initialization when ACP is enabled, bypassing sandbox restrictions. The vulnerability is described as a sandb...

CVSS: 7.1 | AI score: 5.3 | EPSS: 0.00015
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/03/23 9:36 p.m. | 19 views

CVE-2026-27646 OpenClaw < 2026.3.7 - Sandbox Escape via /acp spawn Command

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...

CVSS: 6.1 | EPSS: 0.00015
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/23 9:36 p.m. | 0 views

CVE-2026-27646 OpenClaw < 2026.3.7 - Sandbox Escape via /acp spawn Command

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat conte...

CVSS: 6.1 | AI score: 5.3 | EPSS: 0.00015
Exploits: 0 | References: 3

Snyk
added 2026/03/09 7:54 p.m. | 0 views

Protection Mechanism Failure

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Protection Mechanism Failure via the /acp spawn command handler. An attacker can escalate privileges by initializing host-side ACP sessions from a sandboxed context when ACP is enabled an...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00015
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/09 7:54 p.m. | 2 views

OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions

Summary: Sandboxed requester sessions could reach host-side ACP session initialization through /acp spawn. OpenClaw already blocked sessionsspawn runtime: "acp" from sandboxed sessions, but the slash-command path initialized ACP directly without applying the same host-runtime guard first. Affected...

CVSS: 7.1 | AI score: 5.5 | EPSS: 0.00015
Exploits: 0 | References: 6 | Affected Software: 1