OpenClaw Configuration Integrity Vulnerability in Sandbox Hash Normalization

Vulnerability

A configuration integrity vulnerability has been identified in OpenClaw, a personal AI assistant, in versions prior to 2026.2.15. The issue arises in the 'normalizeForHash' function, which recursively sorted arrays of primitive values before hashing. As a result, order-sensitive sandbox configuration arrays hashed identically regardless of element order. In OpenClaw's sandbox workflows, this hash determines whether an existing sandbox container is recreated, so a change that only reordered an array, such as the Docker 'dns' or 'binds' settings, went unrecognized and the outdated container was reused. This defeats the expected sandbox recreation behavior.

Impact

The vulnerability can cause stale sandbox containers to be reused, potentially leading to incorrect or outdated responses in sandboxed environments.

Reproduction

The vulnerability can be reproduced by creating a Docker configuration for an OpenClaw agent that includes order-sensitive array values, such as 'dns' or 'binds'. After hashing the configuration with a version of OpenClaw prior to 2026.2.15, the array order can be changed, and the hash will remain the same, indicating that the configuration change was not recognized. This can be verified by checking the sandbox container recreation behavior, which will incorrectly reuse the stale container instead of creating a new one.

Remediation

Users should update to OpenClaw version 2026.2.15 or later, where this vulnerability has been patched. The latest version can be downloaded from the OpenClaw GitHub releases page.

Added: Feb 20, 2026, 12:20 AM
Updated: Feb 20, 2026, 12:20 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  3.4
remediation     0.0
relevance       3.1
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.