OpenClaw Sandbox Escape Vulnerability via Cross-Agent Sessions

Vulnerability

A vulnerability in OpenClaw versions prior to 2026.3.1 allows sandboxed sessions to bypass runtime confinement by creating child processes under unsandboxed agents. This is achieved through cross-agent 'sessions_spawn' operations, which, in mixed-agent setups, can lead to unauthorized access to resources or capabilities that are normally restricted within the sandboxed environment.
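To make the downgrade concrete, the following is an added example, not OpenClaw's own code or API: it models a sandboxed parent session spawning a child under an unsandboxed agent, shows the flawed behaviour beside a hardened spawn policy (confinement may only stay equal or get stronger across a spawn), and audits constructed spawn-event records for downgrades. The agent names, confinement levels and event format are all assumptions for the example.

```python
"""Added example (not OpenClaw code): confinement downgrade via cross-agent spawn,
a hardened spawn check, and an audit over constructed spawn-event records."""
from dataclasses import dataclass
from enum import IntEnum


class Confinement(IntEnum):
    """Higher value means stronger confinement (constructed ordering)."""
    NONE = 0        # unsandboxed agent
    SANDBOXED = 1   # runtime-confined agent


@dataclass(frozen=True)
class Agent:
    name: str
    confinement: Confinement


@dataclass(frozen=True)
class Session:
    agent: Agent
    confinement: Confinement


class ConfinementDowngrade(Exception):
    """Raised when a child would run with weaker confinement than its parent."""


def spawn_vulnerable(parent: Session, target: Agent) -> Session:
    """Flawed behaviour: the child takes only the target agent's confinement, so a
    sandboxed parent spawning under an unsandboxed agent leaves the sandbox."""
    return Session(agent=target, confinement=target.confinement)


def spawn_hardened(parent: Session, target: Agent) -> Session:
    """Policy: a spawn may never weaken confinement relative to the parent."""
    if target.confinement < parent.confinement:
        raise ConfinementDowngrade(
            f"{parent.agent.name} ({parent.confinement.name}) -> "
            f"{target.name} ({target.confinement.name})")
    return Session(agent=target, confinement=target.confinement)


# Constructed spawn-event records, as a monitor might collect them:
# (parent_agent, parent_confinement, child_agent, child_confinement)
SAMPLE_EVENTS = [
    ("worker-a", Confinement.SANDBOXED, "worker-b", Confinement.SANDBOXED),
    ("worker-a", Confinement.SANDBOXED, "ops-agent", Confinement.NONE),
    ("ops-agent", Confinement.NONE, "worker-c", Confinement.SANDBOXED),
]


def find_downgrades(events):
    """Return the events where a child ran with weaker confinement than its parent."""
    return [e for e in events if e[3] < e[1]]
```

Refusing rather than silently clamping keeps the attempted downgrade visible in logs, which is what the audit helper looks for.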

Impact

Exploitation of this vulnerability allows a sandboxed session to escape into an unsandboxed child runtime, effectively downgrading runtime confinement and potentially leading to unauthorized actions or access.

Remediation

Users can upgrade to OpenClaw version 2026.3.1 or later to address this vulnerability.

Added: Mar 21, 2026, 1:31 AM
Updated: Mar 21, 2026, 1:31 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.8
remediation: 0.0
relevance: 4.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.