CVE-2026-41397

OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to access arbitrary files outside intended boundaries.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/openclaw/openclaw/commit/3b9dab0ece4643a9643e6a45459f5c709d3ce320	Patch
https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1	Patch
https://github.com/openclaw/openclaw/security/advisories/GHSA-cwf8-44x6-32c2	Vendor Advisory
https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-unrestricted-file-sync-and-symlink-traversal	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

30 Apr 2026, 20:54

Type	Values Removed	Values Added
First Time		Openclaw openclaw Openclaw
References	~~() https://github.com/openclaw/openclaw/commit/3b9dab0ece4643a9643e6a45459f5c709d3ce320 -~~	() https://github.com/openclaw/openclaw/commit/3b9dab0ece4643a9643e6a45459f5c709d3ce320 - Patch
References	~~() https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1 -~~	() https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1 - Patch
References	~~() https://github.com/openclaw/openclaw/security/advisories/GHSA-cwf8-44x6-32c2 -~~	() https://github.com/openclaw/openclaw/security/advisories/GHSA-cwf8-44x6-32c2 - Vendor Advisory
References	~~() https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-unrestricted-file-sync-and-symlink-traversal -~~	() https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-unrestricted-file-sync-and-symlink-traversal - Third Party Advisory
CPE		cpe:2.3:a:openclaw:openclaw::::::node.js::*

28 Apr 2026, 19:37

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-28 19:37

Updated : 2026-04-30 20:54

NVD link : CVE-2026-41397

Mitre link : CVE-2026-41397

CVE.ORG link : CVE-2026-41397

JSON object : View

Products Affected

openclaw

openclaw

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

6.8 /10