2 matches found
CVE-2026-28479 OpenClaw < 2026.2.15 - Cache Poisoning via Deprecated SHA-1 Hash in Sandbox Configuration
OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...
CVE-2026-28479
OpenClaw before 2026.2.15 hashes sandbox cache keys with SHA-1, introducing collision risks that can poison cache and cause unsafe sandbox state reuse. Affected: OpenClaw versions prior to 2026.2.15. Root cause: deprecated SHA-1-based hashing of Docker/browser sandbox configuration identifiers. I...