OpenClaw OpenShell Symlink Swap Race Condition Vulnerability
Vulnerability
A time-of-check/time-of-use race condition has been identified in OpenClaw versions prior to 2026.4.22, specifically within the OpenShell sandbox filesystem write operations. This vulnerability allows attackers to manipulate symlinks during filesystem processes, redirecting writes outside the designated mount root. As a result, files can be written beyond the local mount root, bypassing sandbox restrictions.
Impact
Exploitation of this vulnerability could lead to unauthorized file writes outside the intended sandbox environment, potentially allowing malicious actors to manipulate or access files in unintended locations.
Reproduction
The vulnerability can be reproduced by creating a symlink that points outside the sandbox's local mount root. During a filesystem write operation, the symlink can be swapped to redirect the write to a location outside the allowed area, effectively bypassing sandbox restrictions.
Remediation
Users can update to OpenClaw version 2026.4.22 or later, where this vulnerability has been fixed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.