CVE-2026-32046
Improper Sandbox Configuration in OpenClaw Enables Remote Code Execution
Publication date: 2026-03-21
Last updated on: 2026-03-24
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | all versions before 2026.2.21 (2026.2.21 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1188 | The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32046 is a vulnerability in OpenClaw versions prior to 2026.2.21 caused by an improper sandbox configuration. The Chromium browser container embedded in OpenClaw was launched with the `--no-sandbox` flag by default, which disables OS-level sandbox protections. This misconfiguration allows attackers with local access to exploit renderer-side vulnerabilities and execute arbitrary code on the host system without needing to escape the sandbox.

The vulnerability arises because disabling the sandbox removes the critical isolation between the browser renderer processes and the host operating system, increasing the attack surface and the risk of code execution on the host.

The fix removed the default use of the `--no-sandbox` flag and requires an explicit opt-in via environment variables to disable sandboxing, hardening the container's security posture by enabling the sandbox by default. [1, 2, 3, 4]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker with local access to execute arbitrary code on your host system through the OpenClaw browser container.
Because the OS-level sandbox protections are disabled by default, an attacker can exploit renderer-side vulnerabilities without needing to perform a sandbox escape, which normally adds an additional layer of security.
This increases the risk of privilege escalation and compromise of the host system, potentially leading to unauthorized access, data manipulation, or disruption of services.
The vulnerability has a medium severity rating with a CVSS v3.1 base score of 5.3, indicating a local attack vector with low complexity but potential impact on confidentiality, integrity, and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by auditing the sandbox browser Docker containers used by OpenClaw to check whether they have sandboxing enabled and carry the correct security labels.

Specifically, check for the presence and correctness of the Docker container labels "openclaw.sandboxBrowser" set to "1" and "openclaw.browserConfigEpoch" set to the current security epoch value ("2026-02-21-no-sandbox-default"). Containers missing these labels or carrying stale values indicate an insecure or outdated sandbox configuration.

You can list sandbox browser containers by filtering Docker containers on the label "openclaw.sandboxBrowser=1" and then inspecting their labels to verify the sandbox configuration.

The recommended command to recreate all sandbox browser containers with updated security labels and configuration is:

    openclaw sandbox recreate --browser --all

This command ensures that all sandbox browser containers are migrated to the hardened security posture that no longer uses the --no-sandbox flag by default. [3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade OpenClaw to version 2026.2.21 or later, where the default use of the --no-sandbox flag has been removed and Chromium's OS-level sandbox protections are enabled by default.

If upgrading is not immediately possible, ensure that the environment variables OPENCLAW_BROWSER_NO_SANDBOX and CLAWDBOT_BROWSER_NO_SANDBOX are not set to 1, so that the sandbox is not explicitly disabled.

Additionally, audit your sandbox browser Docker containers for any that are stale or missing the updated security labels, and recreate them with:

    openclaw sandbox recreate --browser --all

This enforces sandboxing by default and reduces the attack surface by preventing arbitrary code execution via renderer-side vulnerabilities. [1, 3]
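The label audit from the detection answer and the environment-variable check from the mitigation answer can be run together over `docker inspect` output. The script below is an added example, not part of this advisory and not OpenClaw's own tooling. The label names, the expected epoch value and the two environment variable names are taken from the text above; the check for `--no-sandbox` on the container command line is an assumption about where the flag would be visible, and the two inspect records embedded at the bottom are constructed so the script runs offline.

```python
"""Audit OpenClaw sandbox-browser containers from `docker inspect` JSON.

Added example (not OpenClaw's tooling). Typical use:
    docker inspect $(docker ps -aq --filter label=openclaw.sandboxBrowser=1) \
        | python3 audit_sandbox_browser.py -
Exit status is non-zero when any container has a finding.
"""
import json
import sys

# Label names and expected epoch value as stated in the advisory.
SANDBOX_LABEL = "openclaw.sandboxBrowser"
EPOCH_LABEL = "openclaw.browserConfigEpoch"
EXPECTED_EPOCH = "2026-02-21-no-sandbox-default"
# Opt-in variables named in the advisory; either set to 1 disables the sandbox.
NO_SANDBOX_ENV = ("OPENCLAW_BROWSER_NO_SANDBOX", "CLAWDBOT_BROWSER_NO_SANDBOX")


def audit_container(info: dict) -> list[str]:
    """Return findings for one `docker inspect` record (empty list = OK)."""
    findings = []
    config = info.get("Config") or {}
    labels = config.get("Labels") or {}
    env = dict(e.split("=", 1) for e in (config.get("Env") or []) if "=" in e)
    cmdline = (config.get("Entrypoint") or []) + (config.get("Cmd") or [])

    if labels.get(SANDBOX_LABEL) != "1":
        findings.append(f"missing or wrong label {SANDBOX_LABEL} (expected '1')")
    epoch = labels.get(EPOCH_LABEL)
    if epoch is None:
        findings.append(f"missing label {EPOCH_LABEL}: container predates the fix")
    elif epoch != EXPECTED_EPOCH:
        findings.append(f"stale {EPOCH_LABEL}={epoch!r} (expected {EXPECTED_EPOCH!r})")
    for var in NO_SANDBOX_ENV:
        if env.get(var) == "1":
            findings.append(f"{var}=1 explicitly disables the Chromium sandbox")
    # Assumption: the flag may also appear directly on the container command line.
    if "--no-sandbox" in cmdline:
        findings.append("container command line contains --no-sandbox")
    return findings


def audit_inspect_output(inspect_json: str) -> dict[str, list[str]]:
    """Map container name -> findings for every record in `docker inspect` JSON."""
    records = json.loads(inspect_json)
    return {rec.get("Name", "?").lstrip("/"): audit_container(rec) for rec in records}


# Constructed sample resembling `docker inspect` output: one stale, one current.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/openclaw-sandbox-browser-old",
        "Config": {
            "Labels": {SANDBOX_LABEL: "1"},
            "Env": ["PATH=/usr/bin", "OPENCLAW_BROWSER_NO_SANDBOX=1"],
            "Entrypoint": ["chromium"],
            "Cmd": ["--headless", "--no-sandbox"],
        },
    },
    {
        "Name": "/openclaw-sandbox-browser-new",
        "Config": {
            "Labels": {SANDBOX_LABEL: "1", EPOCH_LABEL: EXPECTED_EPOCH},
            "Env": ["PATH=/usr/bin"],
            "Entrypoint": ["chromium"],
            "Cmd": ["--headless"],
        },
    },
])


def main(argv: list[str]) -> int:
    # Read a file path, "-" for stdin, or fall back to the constructed sample.
    if len(argv) > 1 and argv[1] == "-":
        raw = sys.stdin.read()
    elif len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            raw = fh.read()
    else:
        raw = SAMPLE_INSPECT
    results = audit_inspect_output(raw)
    for name, findings in results.items():
        print(f"{name}: {'OK' if not findings else 'INSECURE'}")
        for finding in findings:
            print(f"  - {finding}")
    return 1 if any(results.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments it audits the constructed sample and reports the stale container as INSECURE on three counts (missing epoch label, opt-in variable set, flag on the command line) while the current one passes; in a real environment, pipe the `docker inspect` output in and then recreate any flagged containers with the `openclaw sandbox recreate --browser --all` command given above.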