Duplicate Advisory: OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p7gr-f84w-hqg5. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations,...

CVE-2026-32048

OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...

OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns

Summary A sandboxed session could use cross-agent sessionsspawn to create a child under an agent configured with sandbox.mode="off", downgrading runtime confinement. Impact In mixed-agent setups that allow cross-agent spawning, a sandboxed requester could escape into an unsandboxed child runtime...