High severity 8.8 · GHSA Advisory · Published May 5, 2026 · Updated May 5, 2026
CVE-2026-42434
Description
OpenClaw versions from 2026.4.5 up to but not including 2026.4.10 contain a sandbox escape vulnerability that allows sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of the intended sandbox paths.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | >= 2026.4.5, < 2026.4.10 | 2026.4.10 |
References
- github.com/advisories/GHSA-736r-jwj6-4w23 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-42434 (ghsa, ADVISORY)
- github.com/openclaw/openclaw/commit/dffad08529202edbf34e4808788e1182fe10f6a9 (nvd, WEB)
- github.com/openclaw/openclaw/pull/63880 (ghsa, WEB)
- github.com/openclaw/openclaw/security/advisories/GHSA-736r-jwj6-4w23 (nvd, WEB)
- www.vulncheck.com/advisories/openclaw-sandbox-escape-via-host-parameter-override-in-exec-routing (nvd, WEB)