CVE-2026-32018
Race Condition in OpenClaw Registry Causes Data Corruption
Publication date: 2026-03-19
Last updated on: 2026-04-20
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | before 2026.2.19 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenClaw versions prior to 2026.2.19 and involves a race condition during concurrent operations on sandbox containers and browsers. Specifically, when updateRegistry and removeRegistryEntry operations occur simultaneously without proper synchronization or locking, attackers can exploit this to cause registry updates to lose data, bring back entries that were removed, or corrupt the sandbox state. This affects operations such as listing, pruning, and recreating sandbox entries.
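The lost-update race described above, reduced to a self-contained model with an unsynchronized registry beside a serialized one. This is an added example, not OpenClaw's code: only the two operation names come from the advisory, and the in-memory store, `tick`, `lockedRegistry`, `scenario` and the sandbox names are assumptions made for illustration.

```javascript
// Added illustration with hypothetical bodies; only the two operation names come from the advisory.
const tick = () => new Promise((resolve) => setImmediate(resolve)); // stands in for file I/O latency
function makeStore() {
  let disk = JSON.stringify({ entries: [] }); // constructed stand-in for a registry file
  return {
    read: async () => { await tick(); return JSON.parse(disk); },
    write: async (reg) => { await tick(); disk = JSON.stringify(reg); },
    names: () => JSON.parse(disk).entries.map((e) => e.name).sort(),
  };
}

// Unsynchronized read-modify-write: each operation works on its own snapshot.
function unsafeRegistry(store) {
  return {
    async updateRegistry(entry) {
      const reg = await store.read();
      reg.entries = reg.entries.filter((e) => e.name !== entry.name).concat(entry);
      await store.write(reg);
    },
    async removeRegistryEntry(name) {
      const reg = await store.read();
      reg.entries = reg.entries.filter((e) => e.name !== name);
      await store.write(reg);
    },
  };
}

// Same operations, queued so each read-modify-write completes before the next starts.
function lockedRegistry(store) {
  const inner = unsafeRegistry(store);
  let tail = Promise.resolve();
  const exclusive = (fn) => {
    const run = tail.then(fn);
    tail = run.catch(() => {}); // a failed operation must not wedge the queue
    return run;
  };
  return {
    updateRegistry: (entry) => exclusive(() => inner.updateRegistry(entry)),
    removeRegistryEntry: (name) => exclusive(() => inner.removeRegistryEntry(name)),
  };
}
// Remove sandbox-a while sandbox-b is being registered; return what the registry ends up holding.
async function scenario(makeRegistry) {
  const store = makeStore();
  const reg = makeRegistry(store);
  await reg.updateRegistry({ name: "sandbox-a" });
  await Promise.all([reg.removeRegistryEntry("sandbox-a"), reg.updateRegistry({ name: "sandbox-b" })]);
  return store.names();
}
```

With `unsafeRegistry` the removed `sandbox-a` entry comes back because the update writes its stale snapshot last; with `lockedRegistry` only `sandbox-b` remains. A promise queue like this serializes callers inside one process only, so a registry file shared between processes needs a cross-process lock instead.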
How can this vulnerability impact me?
The impact of this vulnerability includes potential data loss in registry updates, resurrection of removed registry entries, and corruption of the sandbox environment. This can lead to inconsistent or unexpected behavior in sandbox containers and browsers, potentially undermining the integrity and reliability of sandbox operations such as listing, pruning, and recreating entries.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know