CVE-2026-27002
Configuration Injection in OpenClaw Docker Sandbox Enables Container Escape
Publication date: 2026-02-20
Last updated on: 2026-02-20
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | all versions before 2026.2.15 (2026.2.15 itself is not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27002 is a configuration injection vulnerability in the OpenClaw AI assistant's Docker sandboxing feature prior to version 2026.2.15. It allows an attacker or an operator using untrusted configuration to inject dangerous Docker options such as bind mounts to sensitive host directories, host networking mode, and unconfined security profiles (seccomp and AppArmor). This can enable container escape or unauthorized access to host data.

The vulnerability arises because unsafe Docker sandbox settings can be applied, which weaken container isolation and allow the container to access or control the host system.

The issue was fixed in OpenClaw version 2026.2.15 by adding runtime enforcement to block dangerous Docker sandbox settings, validating configuration schemas to prevent unsafe values, and introducing security audit mechanisms to detect risky configurations. [1]
How can this vulnerability impact me?
Exploiting this vulnerability can lead to container escape, allowing an attacker to break out of the Docker container isolation.
It can also result in unauthorized access to sensitive host data by mounting critical system directories or the Docker socket inside the container.
Ultimately, this can lead to full host control, exposing secrets, compromising system integrity, and potentially enabling further attacks on the host environment.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by auditing the Docker sandbox configuration used by OpenClaw, specifically checking for dangerous Docker options such as bind mounts to sensitive host directories or the Docker socket, use of host networking, and unconfined seccomp or AppArmor profiles.

You should look for configurations where agents.*.sandbox.docker.binds mounts system directories like /etc, /proc, /sys, /dev, or Docker socket paths such as /var/run/docker.sock or /run/docker.sock.

Also, verify whether agents.*.sandbox.docker.network is set to 'host' instead of 'none' or 'bridge', and check whether seccompProfile or apparmorProfile is set to 'unconfined'.

While no specific commands are provided in the resources, you can use Docker commands and configuration inspection to detect risky settings, for example:

- Inspect Docker container creation arguments or configuration files for bind mounts: use grep or jq to find mounts of /etc, /proc, /sys, /dev, or Docker socket paths.
- Check the network mode of running containers: `docker inspect <container_id> | grep NetworkMode`
- Check the seccomp and AppArmor profiles applied to containers: `docker inspect <container_id> | grep -E 'SeccompProfile|AppArmorProfile|SecurityOpt'` (an unconfined seccomp profile shows up as `seccomp=unconfined` under HostConfig.SecurityOpt).

Additionally, OpenClaw 2026.2.15 and later include security audit findings to surface dangerous sandbox Docker configurations, which can help detect this vulnerability automatically. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade OpenClaw to version 2026.2.15 or later, which includes fixes that block dangerous Docker sandbox settings and enforce runtime validation.

As a workaround before upgrading, avoid configuring agents.*.sandbox.docker.binds to mount system directories or Docker socket paths.

Keep agents.*.sandbox.docker.network set to 'none' (default) or 'bridge', and do not use 'host' network mode.

Do not use 'unconfined' for seccompProfile or apparmorProfile; use custom or default profiles instead.

These steps reduce the risk of container escape or host data access by preventing dangerous Docker options from being applied. [1]
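The detection and mitigation answers above describe the same three checks on agents.*.sandbox.docker (sensitive bind mounts, host networking, unconfined seccomp/AppArmor). The following audit script, added here as an illustration and not part of OpenClaw or the advisory, walks a parsed configuration and reports each risky setting before it is deployed. It assumes the config is a JSON object with an `agents` map keyed by agent name and that `binds` entries use the Docker `host_path:container_path[:opts]` form; it also flags a bind of the host root, since that mounts every listed directory at once.

```python
from typing import Any

# Host paths named in the advisory that must never be bind-mounted into the sandbox.
SENSITIVE_HOST_PREFIXES = ("/etc", "/proc", "/sys", "/dev")
DOCKER_SOCKET_PATHS = ("/var/run/docker.sock", "/run/docker.sock")


def is_dangerous_bind(bind: str) -> bool:
    """Return True if the host side of a 'host:container[:opts]' bind is a sensitive
    system directory (or a path beneath one), the host root, or the Docker socket."""
    host_path = bind.split(":", 1)[0]
    norm = host_path.rstrip("/") or "/"
    if norm == "/" or norm in DOCKER_SOCKET_PATHS:
        return True
    # Prefix match on whole path components only, so /etcetera is not mistaken for /etc.
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_HOST_PREFIXES)


def audit_openclaw_config(config: dict[str, Any]) -> list[str]:
    """Walk agents.*.sandbox.docker and return one finding per risky setting.
    The 'agents' map layout is an assumption for this example, not OpenClaw's schema."""
    findings: list[str] = []
    for agent_name, agent in (config.get("agents") or {}).items():
        docker = ((agent or {}).get("sandbox") or {}).get("docker") or {}
        prefix = f"agents.{agent_name}.sandbox.docker"
        for bind in docker.get("binds") or []:
            if is_dangerous_bind(bind):
                findings.append(f"{prefix}.binds: sensitive host path mounted: {bind}")
        if docker.get("network") == "host":
            findings.append(f"{prefix}.network: 'host' removes network isolation")
        for key in ("seccompProfile", "apparmorProfile"):
            if docker.get(key) == "unconfined":
                findings.append(f"{prefix}.{key}: 'unconfined' disables the kernel profile")
    return findings


# Constructed sample config (not from any real deployment): one safe agent, one risky one.
SAMPLE_CONFIG = {
    "agents": {
        "safe": {"sandbox": {"docker": {"binds": ["/home/user/work:/work:ro"], "network": "none"}}},
        "risky": {"sandbox": {"docker": {
            "binds": ["/var/run/docker.sock:/var/run/docker.sock", "/etc/ssl:/certs:ro"],
            "network": "host",
            "seccompProfile": "unconfined",
            "apparmorProfile": "unconfined",
        }}},
    }
}

if __name__ == "__main__":
    for finding in audit_openclaw_config(SAMPLE_CONFIG):
        print(finding)
```

Run it against `json.load(open("openclaw.json"))` (or whatever file holds the deployed configuration) and treat any finding as a blocker until the host is on 2026.2.15 or later.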