CVE-2026-32046

MEDIUM 5.3

OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

2th

OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the Chromium browser container to achieve code execution on the host system.

CWE	CWE-1188
Vendor	openclaw
Product	openclaw
Published	Mar 21, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for openclaw openclaw

Be the first to know when new medium vulnerabilities affecting openclaw openclaw are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

OpenClaw / OpenClaw

0 < 2026.2.21

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/openclaw/openclaw/security/advisories/GHSA-43x4-g22p-3hrq github.com: https://github.com/openclaw/openclaw/commit/e7eba01efc4c3c400e9cfd3ce3d661cbc788a631 github.com: https://github.com/openclaw/openclaw/commit/1835dec2004fe7a62c6a7ba46b8485f124ec6199 vulncheck.com: https://www.vulncheck.com/advisories/openclaw-os-level-sandbox-bypass-via-no-sandbox-flag

Credits

🔍 Rafael M (@TerminalsandCoffee)