Moderate severity · NVD Advisory · Published Mar 21, 2026 · Updated Mar 23, 2026
OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag
CVE-2026-32046
Description
OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the Chromium browser container to achieve code execution on the host system.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.2.21 | 2026.2.21 |
References
- github.com/openclaw/openclaw/commit/1835dec2004fe7a62c6a7ba46b8485f124ec6199 (ghsa, patch, web)
- github.com/openclaw/openclaw/commit/e7eba01efc4c3c400e9cfd3ce3d661cbc788a631 (ghsa, patch, web)
- github.com/advisories/GHSA-43x4-g22p-3hrq (ghsa, advisory)
- github.com/openclaw/openclaw/security/advisories/GHSA-43x4-g22p-3hrq (ghsa, third-party advisory, web)
- nvd.nist.gov/vuln/detail/CVE-2026-32046 (ghsa, advisory)
- www.vulncheck.com/advisories/openclaw-os-level-sandbox-bypass-via-no-sandbox-flag (ghsa, third-party advisory, web)