
6 matches found

NVD
added 2026/03/21 1:17 a.m. | 4 views

CVE-2026-32048

OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...

CVSS 9.9 | EPSS 0.00281
Exploits: 0 | References: 2
Cvelist
added 2026/03/21 12:42 a.m. | 20 views

CVE-2026-32048 OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn

OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...

CVSS 7.7 | EPSS 0.00281
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/21 12:42 a.m. | 0 views

CVE-2026-32048 OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn

OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...

CVSS 7.7 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 2
CVE
added 2026/03/21 12:42 a.m. | 16 views

CVE-2026-32048

CVE-2026-32048 affects OpenClaw before 2026.3.1. The root cause is failure to enforce sandbox inheritance during cross-agent sessions_spawn, enabling a sandboxed session to create child processes under unsandboxed agents and spawn runtimes with sandbox.mode set to off, bypassing runtime confineme...

CVSS 9.9 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 2 | Affected Software: 1
Snyk
added 2026/03/02 9:53 p.m. | 3 views

Access Control Bypass

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Access Control Bypass in the sessions_spawn sandboxed session. An attacker can bypass intended sandbox restrictions by spawning a child process under an agent with sandboxing disabled,...

CVSS 9.9 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 3
OSV
added 2026/03/02 9:53 p.m. | 2 views

GHSA-P7GR-F84W-HQG5 OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns

Summary: A sandboxed session could use cross-agent sessions_spawn to create a child under an agent configured with sandbox.mode="off", downgrading runtime confinement. Impact: In mixed-agent setups that allow cross-agent spawning, a sandboxed requester could escape into an unsandboxed child runtime...

CVSS 6.9 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 4