CVE-2026-32046
Received Received - Intake
Improper Sandbox Configuration in OpenClaw Enables Remote Code Execution

Publication date: 2026-03-21

Last updated on: 2026-03-24

Assigner: VulnCheck

Description
OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the Chromium browser container to achieve code execution on the host system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-14
NVD
CVE-2026-32046
EUVD
EUVD-2026-13941
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.21 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1188 The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-32046 is a vulnerability in OpenClaw versions prior to 2026.2.21 caused by an improper sandbox configuration. The Chromium browser container embedded in OpenClaw was launched with the `--no-sandbox` flag by default, which disables OS-level sandbox protections. This misconfiguration allows attackers with local access to exploit renderer-side vulnerabilities and execute arbitrary code on the host system without needing to escape the sandbox.'}, {'type': 'paragraph', 'content': 'The vulnerability arises because disabling the sandbox removes critical isolation between the browser renderer processes and the host operating system, increasing the attack surface and risk of code execution on the host.'}, {'type': 'paragraph', 'content': "The fix involved removing the default use of the `--no-sandbox` flag and requiring explicit opt-in via environment variables to disable sandboxing, thereby hardening the container's security posture by enabling sandboxing by default."}] [1, 2, 3, 4]

Impact Analysis

This vulnerability can impact you by allowing an attacker with local access to execute arbitrary code on your host system through the OpenClaw browser container.

Because the OS-level sandbox protections are disabled by default, an attacker can exploit renderer-side vulnerabilities without needing to perform a sandbox escape, which normally adds an additional layer of security.

This increases the risk of privilege escalation and compromise of the host system, potentially leading to unauthorized access, data manipulation, or disruption of services.

The vulnerability has a medium severity rating with a CVSS v3.1 base score of 5.3, indicating a local attack vector with low complexity but potential impact on confidentiality, integrity, and availability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by auditing the sandbox browser Docker containers used by OpenClaw to check if they have the proper sandboxing enabled and the correct security labels.'}, {'type': 'paragraph', 'content': 'Specifically, you should check for the presence and correctness of the Docker container labels "openclaw.sandboxBrowser" set to "1" and "openclaw.browserConfigEpoch" set to the current security epoch value ("2026-02-21-no-sandbox-default"). Containers missing these labels or having stale values indicate an insecure or outdated sandbox configuration.'}, {'type': 'paragraph', 'content': 'You can list sandbox browser containers by filtering Docker containers with the label "openclaw.sandboxBrowser=1" and inspect their labels to verify the sandbox configuration.'}, {'type': 'paragraph', 'content': 'A recommended command to recreate all sandbox browser containers with updated security labels and configuration is:'}, {'type': 'list_item', 'content': 'openclaw sandbox recreate --browser --all'}, {'type': 'paragraph', 'content': 'This command helps ensure that all sandbox browser containers are migrated to the hardened security posture that disables the default use of the --no-sandbox flag.'}] [3]

Mitigation Strategies

[{'type': 'paragraph', 'content': "To mitigate this vulnerability immediately, you should upgrade OpenClaw to version 2026.2.21 or later, where the default use of the --no-sandbox flag has been removed, enabling Chromium's OS-level sandbox protections by default."}, {'type': 'paragraph', 'content': 'If upgrading is not immediately possible, ensure that the environment variables OPENCLAW_BROWSER_NO_SANDBOX or CLAWDBOT_BROWSER_NO_SANDBOX are not set to 1, so that the sandbox is not explicitly disabled.'}, {'type': 'paragraph', 'content': 'Additionally, audit your sandbox browser Docker containers to detect any that are stale or missing the updated security labels, and recreate them using the command:'}, {'type': 'list_item', 'content': 'openclaw sandbox recreate --browser --all'}, {'type': 'paragraph', 'content': 'This will enforce sandboxing by default and reduce the attack surface by preventing arbitrary code execution via renderer-side vulnerabilities.'}] [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32046. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart