


Perceptive Security
SOC/SIEM Consultancy

OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner …
Published: 20 April 2026 at 22:00:00
Alert date: 21 April 2026 at 07:08:02
Source: nvd.nist.gov
Security Tools
OpenClaw versions before 2026.3.31 contain a critical sandbox bypass vulnerability that allows attackers to escalate privileges through heartbeat context inheritance and senderIsOwner parameter manipulation. The vulnerability stems from improper context validation, enabling attackers to bypass sandbox restrictions and achieve unauthorized privilege escalation. This represents a significant security flaw in the OpenClaw application's sandboxing mechanism.
Technical details
Mitigation steps:
Affected products: OpenClaw
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-41329
https://github.com/openclaw/openclaw/commit/a30214a624946fc5c85c9558a27c1580172374fd
https://github.com/openclaw/openclaw/security/advisories/GHSA-g5cg-8x5w-7jpm
https://www.vulncheck.com/advisories/openclaw-sandbox-bypass-via-heartbeat-context-inheritance-and-senderisowner-escalation
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
