CVE-2026-28479

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...

CVE-2026-28479 OpenClaw < 2026.2.15 - Cache Poisoning via Deprecated SHA-1 Hash in Sandbox Configuration

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...

OpenClaw 加密问题漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a cryptographic issue vulnerability that stems from the use of SHA-1 hashed Docker and browser sandbox configurations of the sandbox identifier cache key, which can be exploited by an attacker to enable...

PT-2026-23554

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description The software uses SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations. SHA-1 is a deprecated cryptographic hash function with known collision weaknesses. A...