OpenClaw Sandbox Network Isolation Bypass Vulnerability

Vulnerability

A sandbox network isolation bypass vulnerability has been identified in OpenClaw versions prior to 2026.2.24. This vulnerability allows trusted operators to join another container's network namespace, bypassing network hardening controls. By configuring the docker.network parameter with container:<id> values, operators can access services in target container namespaces.

Impact

Exploiting this vulnerability bypasses sandbox network isolation hardening, potentially allowing access to privileged or internal services in another container's network namespace.

Remediation

Users are advised to block namespace-join style network modes, including 'container:<id>', for sandbox containers and maintain strict allowlisting for safe network modes.
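One way to apply this remediation, as an added example that is not OpenClaw's own code: a fail-closed check for a `docker.network` value, plus an audit of `docker inspect` JSON for sandbox containers already running with a rejected mode. The function names, the allowlist contents (`none`, `bridge`) and the sample data are assumptions made for illustration.

```python
import json

# Assumption: modes this deployment treats as safe; the advisory does not list them.
ALLOWED_NETWORK_MODES = frozenset({"none", "bridge"})


def check_network_mode(value):
    """Return (ok, reason) for a docker.network value; anything not allowlisted fails."""
    if not isinstance(value, str):
        return False, "network mode must be a string"
    # Exact match only: the value is passed on unchanged, so no normalisation here.
    if value in ALLOWED_NETWORK_MODES:
        return True, "ok"
    # Normalise only to give a precise reason for the rejection.
    if value.strip().lower().startswith("container:"):
        return False, "namespace-join mode (container:<id>) is blocked"
    return False, "mode is not on the allowlist"


def audit_inspect(inspect_json):
    """List (name, mode, reason) for containers in `docker inspect` JSON that fail."""
    findings = []
    for container in json.loads(inspect_json):
        mode = container.get("HostConfig", {}).get("NetworkMode")
        ok, reason = check_network_mode(mode)
        if not ok:
            findings.append((container.get("Name"), mode, reason))
    return findings


# Constructed sample in the shape of `docker inspect` output (names and id are made up).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/sandbox-a", "HostConfig": {"NetworkMode": "none"}},
    {"Name": "/sandbox-b", "HostConfig": {"NetworkMode": "container:0123456789ab"}},
    {"Name": "/sandbox-c", "HostConfig": {"NetworkMode": "host"}},
])

if __name__ == "__main__":
    for name, mode, reason in audit_inspect(SAMPLE_INSPECT):
        print(f"{name}: {mode} -> {reason}")
```

Because the check is an allowlist, modes the deny rule does not name are rejected as well, which is why the constructed `host` entry is also reported.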

Added: Mar 19, 2026, 10:30 PM
Updated: Mar 19, 2026, 10:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 2.6
remediation: 0.0
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.