CVE-2026-32977
Sandbox Bypass in OpenClaw fs-bridge via TOCTOU Race Condition
Publication date: 2026-03-31
Last updated on: 2026-04-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | to 2026.3.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in OpenClaw versions before 2026.3.11 is a sandbox boundary bypass caused by a race condition during the writeFile commit operation in the filesystem bridge component. Specifically, the final move step uses an unanchored container path, which means the path is not securely tied to the validated container directory.
An attacker with code running inside the sandbox can exploit a time-of-check-time-of-use (TOCTOU) race condition by modifying parent paths inside the sandbox between the validation and the commit step. This allows the attacker to redirect files being committed to locations outside the intended sandbox writable path, effectively bypassing sandbox restrictions.
The root cause is that while other filesystem operations were hardened to use anchored paths, the writeFile commit step still used a raw target path, leaving a window for the race condition. The issue is classified under CWE-367 (TOCTOU Race Condition).
How can this vulnerability impact me? :
This vulnerability can allow an attacker with low privileges inside the sandbox to write files outside the validated sandbox directory. This unauthorized file placement can compromise the isolation provided by the sandbox.
The impact includes high integrity and availability risks because files can be placed or overwritten outside the sandbox, potentially affecting system behavior or availability. However, there is no direct confidentiality impact.
Exploitation requires local access and has high attack complexity, but no user interaction is needed.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users are advised to upgrade OpenClaw to version 2026.3.11 or later, where the issue has been fixed by anchoring the writeFile commit path to the canonical parent directory, eliminating the race condition.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an attacker to bypass sandbox boundaries and write files outside the validated container path, leading to unauthorized file placement and potential compromise of container isolation.
Such unauthorized file writes and compromised isolation could impact the integrity and availability of data, which are critical aspects in compliance with standards like GDPR and HIPAA that require strict data protection and access controls.
However, the provided information does not explicitly discuss the direct effects on compliance with these regulations.