Low severity3.6NVD Advisory· Published Mar 19, 2026· Updated Apr 20, 2026
CVE-2026-32018
CVE-2026-32018
Description
OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data, resurrect removed entries, or corrupt sandbox state affecting list, prune, and recreate operations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openclawnpm | < 2026.2.19 | 2026.2.19 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/openclaw/openclaw/commit/cc29be8c9bcdfaecb90f0ab13124c8f5362a6741nvdPatchWEB
- github.com/advisories/GHSA-gq83-8q7q-9hfxghsaADVISORY
- github.com/openclaw/openclaw/security/advisories/GHSA-gq83-8q7q-9hfxnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-32018ghsaADVISORY
- www.vulncheck.com/advisories/openclaw-race-condition-in-sandbox-registry-write-operationsnvdThird Party AdvisoryWEB
- github.com/openclaw/openclaw/commit/cc29be8c9ghsaWEB
News mentions
0No linked articles in our index yet.