2 matches found
CVE-2026-41296
CVE-2026-41296 affects OpenClaw prior to 2026.3.31. A time-of-check-time-of-use race in the remote filesystem bridge readFile function allows sandbox escape by exploiting separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files. The vulnerability i...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by CVE-2026-41296 via openclaw (>=2026.3.22 <=2026.3.28)
openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41296 Source advisory: SNYK:JS-OPENCLAW-15893698...