Moderate severityNVD Advisory· Published Mar 19, 2026· Updated Mar 20, 2026
OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter
CVE-2026-32038
Description
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass network hardening controls.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openclawnpm | < 2026.2.24 | 2026.2.24 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-ww6v-v748-x7g9ghsaADVISORY
- github.com/openclaw/openclaw/security/advisories/GHSA-ww6v-v748-x7g9ghsathird-party-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-32038ghsaADVISORY
- www.vulncheck.com/advisories/openclaw-sandbox-network-isolation-bypass-via-docker-network-container-parameterghsathird-party-advisoryWEB
- github.com/openclaw/openclaw/commit/14b6eea6eghsaWEB
- github.com/openclaw/openclaw/commit/5552f9073ghsaWEB
News mentions
0No linked articles in our index yet.