4 matches found
CVE-2026-27523
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve...
OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths
Summary In openclaw up to and including 2026.2.23 latest npm release as of February 24, 2026, sandbox bind-source validation could be bypassed when a bind source used a symlinked parent plus a non-existent leaf path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.24...
GHSA-M8V2-6WWH-R4GC OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths
Summary In openclaw up to and including 2026.2.23 latest npm release as of February 24, 2026, sandbox bind-source validation could be bypassed when a bind source used a symlinked parent plus a non-existent leaf path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.24...
PT-2026-26017
Summary In openclaw up to and including 2026.2.23 latest npm release as of February 24, 2026, sandbox bind-source validation could be bypassed when a bind source used a symlinked parent plus a non-existent leaf path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.24...