Critical severity 9.6 · NVD Advisory · Published May 6, 2026 · Updated May 13, 2026
CVE-2026-44112
Description
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.4.22 | 2026.4.22 |
References
- github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76 (patch)
- github.com/advisories/GHSA-wppj-c6mr-83jj (advisory)
- github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj (vendor advisory, mitigation)
- nvd.nist.gov/vuln/detail/CVE-2026-44112 (advisory)
- www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes (third-party advisory)
News mentions
- Patched OpenClaw Flaw Let Hackers Hijack AI Agents · GovInfoSecurity · May 19, 2026
- 'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments · Dark Reading · May 18, 2026
- 18th May – Threat Intelligence Report · Check Point Research · May 18, 2026
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More · The Hacker News · May 18, 2026
- ‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery · SecurityWeek · May 18, 2026
- Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence · The Hacker News · May 15, 2026