OpenClaw Sandbox Escape Vulnerability via Symlink Exploitation in Mirror Sync Operations

Vulnerability

A sandbox escape vulnerability has been identified in OpenClaw versions prior to 2026.3.31. This vulnerability allows remote attackers to traverse directory boundaries by exploiting symbolic links during file synchronization operations. By crafting malicious symlinks, attackers can access arbitrary files outside of the intended boundaries, bypassing sandbox restrictions.

Impact

Exploitation of this vulnerability can lead to unauthorized access to files outside the designated sandbox environment, potentially allowing execution of malicious code or other harmful actions on the host system.

Reproduction

To reproduce this vulnerability, create a symlink inside the OpenClaw sandbox that points to a file or directory outside the allowed boundaries. During the mirror synchronization process the crafted symlink is followed rather than rejected, granting access to the linked resource. This can be automated with a script that uploads the symlinked path, exploiting the lack of proper exclusion for 'hooks' and other sensitive directories.
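The defensive counterpart to the behaviour described above is a sync planner that never follows a symlink blindly: it resolves the full link chain, requires the target to stay under the sandbox root, and refuses anything that lands in an excluded directory such as 'hooks'. The following is an added example written for this page, not OpenClaw's own code; the EXCLUDED_DIRS set, the plan_sync function and the constructed temp-directory fixture are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption (not OpenClaw's own configuration): directories the mirror must never sync.
EXCLUDED_DIRS = {"hooks"}


def resolved_inside(path: Path, root: Path):
    """Return the fully resolved path relative to the resolved root, or None when the
    entry escapes the root or dangles. resolve() follows the whole symlink chain, so a
    symlink that points at another symlink cannot slip past the check."""
    try:
        return path.resolve(strict=True).relative_to(root.resolve(strict=True))
    except (ValueError, FileNotFoundError):
        return None


def classify(path: Path, root: Path):
    """Return None if the entry may be mirrored, otherwise a rejection reason."""
    rel = path.relative_to(root)
    if any(part in EXCLUDED_DIRS for part in rel.parts):
        return "excluded directory"
    if not path.is_symlink():
        return None
    target = resolved_inside(path, root)
    if target is None:
        return "symlink escapes sandbox or dangles"
    # A link that stays inside the sandbox can still point at an excluded directory.
    if any(part in EXCLUDED_DIRS for part in target.parts):
        return "symlink points into excluded directory"
    return None


def plan_sync(sandbox_root):
    """Walk the sandbox without following symlinks and split entries into
    (accepted, rejected); rejected holds (relative path, reason) pairs."""
    root = Path(sandbox_root)
    accepted, rejected = [], []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in list(dirnames):
            p = Path(dirpath) / name
            reason = classify(p, root)
            if reason is not None:
                rejected.append((str(p.relative_to(root)), reason))
                dirnames.remove(name)          # never descend into a rejected entry
            elif p.is_symlink():
                accepted.append(str(p.relative_to(root)))
                dirnames.remove(name)          # mirror the link entry, walk only real dirs
        for name in filenames:
            p = Path(dirpath) / name
            reason = classify(p, root)
            if reason is not None:
                rejected.append((str(p.relative_to(root)), reason))
            else:
                accepted.append(str(p.relative_to(root)))
    return sorted(accepted), sorted(rejected)


def build_demo_sandbox():
    """Constructed fixture: a sandbox with one honest file, one excluded 'hooks'
    directory and three symlinks (escaping, into hooks, and harmless)."""
    base = Path(tempfile.mkdtemp())
    outside = base / "outside"
    outside.mkdir()
    (outside / "secret.txt").write_text("host-only data\n")
    sandbox = base / "sandbox"
    sandbox.mkdir()
    (sandbox / "notes.txt").write_text("ordinary sandbox file\n")
    (sandbox / "hooks").mkdir()
    (sandbox / "hooks" / "pre-sync").write_text("#!/bin/sh\n")
    os.symlink(outside / "secret.txt", sandbox / "leak.txt")   # escapes the root
    os.symlink(sandbox / "hooks", sandbox / "h")                # aliases an excluded dir
    os.symlink(sandbox / "notes.txt", sandbox / "alias.txt")    # stays inside: allowed
    return sandbox


if __name__ == "__main__":
    accepted, rejected = plan_sync(build_demo_sandbox())
    print("accepted:", accepted)
    for rel, reason in rejected:
        print(f"rejected: {rel} ({reason})")
```

The classification happens on a separate pass from the copy, so a link swapped in between the check and the copy would still win the race; a production mirror should open each source with O_NOFOLLOW (or copy through an already-open directory descriptor) so the object it reads is the object it checked.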

Remediation

Update to OpenClaw version 2026.3.31 or later, where this vulnerability has been patched.

Added: Apr 28, 2026, 9:07 PM
Updated: Apr 28, 2026, 9:07 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.8
exploitability  6.3
remediation     0.0
relevance       6.9
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.