OpenClaw Sandbox Escape Vulnerability via TOCTOU Race Condition in Remote Filesystem Bridge

Vulnerability

A sandbox escape vulnerability has been identified in OpenClaw versions prior to 2026.3.31. The cause is a time-of-check-time-of-use (TOCTOU) race condition in the remote filesystem bridge's readFile function, which validates the requested path in one step and reads the file in a separate step. Because the read is not bound to the object that was validated, an attacker who changes what the path refers to between the two steps can bypass the sandbox's path restrictions and read arbitrary files.

Impact

Successful exploitation gives an attacker read access to files outside the sandbox's allowed directory, defeating the filesystem restriction the sandbox is meant to enforce.

Reproduction

To reproduce, create a symbolic link that points to a file outside the sandbox's allowed directory, then request that path through the remote filesystem bridge's readFile function. readFile validates the path first and reads the file afterwards, so the two operations are separated by a window in which the target can be swapped for the link; the read then follows the link and returns the contents of the file outside the sandbox.

Remediation

Users can upgrade to OpenClaw version 2026.3.31 or later, where this vulnerability has been patched.

Added: Apr 21, 2026, 12:26 AM
Updated: Apr 21, 2026, 12:26 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.2
exploitability: 7.2
remediation: 0.0
relevance: 6.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.