OpenClaw versions before 2026.3.11 contain a critical sandbox boundary bypass vulnerability in fs-bridge staged writes. The vulnerability stems from temporary file creation and population not being pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write malicious bytes outside the intended validated path. This occurs before the final guarded replace step executes, allowing attackers to bypass sandbox protections. The vulnerability affects the file system bridge component's staged write operations, potentially allowing arbitrary file writes outside the sandbox environment.