CVE-2026-32977
Received Received - Intake
Sandbox Bypass in OpenClaw fs-bridge via TOCTOU Race Condition

Publication date: 2026-03-31

Last updated on: 2026-04-02

Assigner: VulnCheck

Description
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker can exploit a time-of-check-time-of-use race condition by modifying parent paths inside the sandbox to redirect committed files outside the validated writable path within the container mount namespace.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32977
EUVD
EUVD-2026-17383
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in OpenClaw versions before 2026.3.11 is a sandbox boundary bypass caused by a race condition during the writeFile commit operation in the filesystem bridge component. Specifically, the final move step uses an unanchored container path, which means the path is not securely tied to the validated container directory.

An attacker with code running inside the sandbox can exploit a time-of-check-time-of-use (TOCTOU) race condition by modifying parent paths inside the sandbox between the validation and the commit step. This allows the attacker to redirect files being committed to locations outside the intended sandbox writable path, effectively bypassing sandbox restrictions.

The root cause is that while other filesystem operations were hardened to use anchored paths, the writeFile commit step still used a raw target path, leaving a window for the race condition. The issue is classified under CWE-367 (TOCTOU Race Condition).

Impact Analysis

This vulnerability can allow an attacker with low privileges inside the sandbox to write files outside the validated sandbox directory. This unauthorized file placement can compromise the isolation provided by the sandbox.

The impact includes high integrity and availability risks because files can be placed or overwritten outside the sandbox, potentially affecting system behavior or availability. However, there is no direct confidentiality impact.

Exploitation requires local access and has high attack complexity, but no user interaction is needed.

Mitigation Strategies

To mitigate this vulnerability, users are advised to upgrade OpenClaw to version 2026.3.11 or later, where the issue has been fixed by anchoring the writeFile commit path to the canonical parent directory, eliminating the race condition.

Compliance Impact

The vulnerability allows an attacker to bypass sandbox boundaries and write files outside the validated container path, leading to unauthorized file placement and potential compromise of container isolation.

Such unauthorized file writes and compromised isolation could impact the integrity and availability of data, which are critical aspects in compliance with standards like GDPR and HIPAA that require strict data protection and access controls.

However, the provided information does not explicitly discuss the direct effects on compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32977. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart