CVE-2026-32048
Sandbox Bypass in OpenClaw via Cross-Agent Session Spawn
Publication date: 2026-03-21
Last updated on: 2026-03-24
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | up to 2026.3.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32048 is a sandbox escape vulnerability in OpenClaw versions prior to 2026.3.1. It occurs because OpenClaw fails to enforce sandbox inheritance during cross-agent sessions_spawn operations. This means that a sandboxed session can spawn child processes under unsandboxed agents, creating child runtimes with sandbox.mode set to off. As a result, the attacker can bypass runtime confinement restrictions.
This vulnerability is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), CWE-269 (Improper Privilege Management), and CWE-284 (Improper Access Control), indicating failures in privilege assignment and access restriction.
How can this vulnerability impact me?
This vulnerability allows an attacker with a sandboxed session to bypass runtime confinement by spawning child processes without sandbox restrictions. This can lead to privilege escalation or unauthorized access within the system.
The impact includes high severity risks to confidentiality, integrity, and availability of the affected system, as the attacker can operate with fewer restrictions than intended.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if OpenClaw versions prior to 2026.3.1 are in use and monitoring for cross-agent sessions_spawn operations where sandboxed sessions spawn child processes under unsandboxed agents.
Specifically, you can look for processes or logs indicating that a sandboxed session has spawned child runtimes with sandbox.mode set to off, which would indicate a sandbox escape attempt.
Commands to help detect this might include:
- Checking OpenClaw version installed: `openclaw --version` or equivalent
- Monitoring process trees for unexpected child processes spawned by sandboxed sessions, e.g., using `ps -ef --forest` or `pstree` on Unix-like systems
- Reviewing OpenClaw logs for cross-agent sessions_spawn calls and verifying sandbox.mode settings for spawned runtimes
- Using network monitoring tools to detect unusual cross-agent spawning activity
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.3.1 or later, where the vulnerability has been fixed by enforcing sandbox inheritance during cross-agent sessions_spawn operations.
Until the upgrade can be applied, consider restricting or disabling cross-agent spawning functionality, especially in mixed-agent environments where sandboxed and unsandboxed agents coexist.
Additionally, review and tighten sandbox configuration policies to prevent sandboxed sessions from spawning child runtimes with sandbox.mode set to off.
Monitoring and alerting on suspicious spawning activity can also help in early detection and response.
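The log-review step under detection and the sandbox-inheritance rule under mitigation, as an added example that is not OpenClaw's own code: the audit-event field names (`parent_sandbox_mode`, `child_sandbox_mode`, `sessions_spawn`) and the sample lines are constructed assumptions, so map them to whatever the deployment's OpenClaw logs actually emit.

```python
"""Detect the CVE-2026-32048 spawn pattern in audit logs and model the
inheritance rule that closes it (added example; log schema is assumed)."""
import json

# Constructed sample: one JSON object per line, one cross-agent spawn each.
SAMPLE_LOG = """
{"event": "sessions_spawn", "id": 1, "parent_agent": "web-agent", "parent_sandbox_mode": "on", "child_agent": "ops-agent", "child_sandbox_mode": "on"}
{"event": "sessions_spawn", "id": 2, "parent_agent": "web-agent", "parent_sandbox_mode": "on", "child_agent": "ops-agent", "child_sandbox_mode": "off"}
{"event": "sessions_spawn", "id": 3, "parent_agent": "admin-agent", "parent_sandbox_mode": "off", "child_agent": "ops-agent", "child_sandbox_mode": "off"}
{"event": "tool_call", "id": 4, "agent": "web-agent", "tool": "read"}
"""


def parse_events(text):
    """Parse newline-delimited JSON audit events, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def inherited_sandbox_mode(parent_mode, requested_mode):
    """Inheritance rule the fixed version enforces: a child runtime may never be
    less confined than its parent. A sandboxed parent therefore always yields a
    sandboxed child, whatever the target agent's default sandbox.mode says."""
    if parent_mode == "on":
        return "on"
    return requested_mode


def find_sandbox_escapes(events):
    """Return ids of sessions_spawn events in which a sandboxed parent produced
    a child runtime with sandbox.mode off, i.e. the escape pattern to alert on."""
    return [
        e["id"]
        for e in events
        if e.get("event") == "sessions_spawn"
        and e.get("parent_sandbox_mode") == "on"
        and e.get("child_sandbox_mode") == "off"
    ]


if __name__ == "__main__":
    print("escape events:", find_sandbox_escapes(parse_events(SAMPLE_LOG)))
```

Event 3 is not flagged because its parent was already unsandboxed; only a sandboxed parent gaining an unsandboxed child indicates the bypass.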