Perceptive Security
SOC/SIEM Consultancy

OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner …
Published:
20 April 2026 at 22:00:00
Alert date:
21 April 2026 at 17:05:49
Source:
nvd.nist.gov
Security Tools
CVE-2026-41329 affects OpenClaw versions before 2026.3.31. It is a sandbox bypass vulnerability that allows privilege escalation: an attacker can exploit heartbeat context inheritance and manipulate the senderIsOwner parameter to bypass sandbox restrictions. The root cause is improper context validation within the application. The result is unauthorized privilege escalation, potentially allowing an attacker to break out of the security sandbox. The issue has been documented with proof-of-concept code, and security advisories are available on GitHub.
Technical details
Mitigation steps:
Upgrade OpenClaw to version 2026.3.31 or later; all earlier versions are affected.
Affected products:
OpenClaw
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-41329
https://github.com/openclaw/openclaw/commit/a30214a624946fc5c85c9558a27c1580172374fd
https://github.com/openclaw/openclaw/security/advisories/GHSA-g5cg-8x5w-7jpm
https://www.vulncheck.com/advisories/openclaw-sandbox-bypass-via-heartbeat-context-inheritance-and-senderisowner-escalation
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
