CVE-2026-44113
Analyzed - Analysis Complete
Time-of-Check/Use Race Condition in OpenClaw Filesystem Bridge

Publication date: 2026-05-06

Last updated on: 2026-05-07

Assigner: VulnCheck

Description
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and access unauthorized file contents.
Meta Information
Published
2026-05-06
Last Modified
2026-05-07
Generated
2026-05-27
AI Q&A
2026-05-07
EPSS Evaluated
2026-05-25
Affected Vendors & Products
Showing 1 associated CPE
Vendor: openclaw
Product: openclaw
Version / Range: all versions before 2026.4.22 (2026.4.22 itself excluded)
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows attackers to bypass sandbox restrictions and read files outside the intended mount root, potentially leading to unauthorized access to sensitive or protected data.

Such unauthorized data access could result in violations of data protection regulations like GDPR or HIPAA, which require strict controls on access to personal or sensitive information.


Can you explain this vulnerability to me?

This vulnerability exists in OpenClaw versions before 2026.4.22 and involves a time-of-check/time-of-use (TOCTOU) race condition in the OpenShell filesystem bridge.

Attackers can exploit this race condition by performing symlink swaps during filesystem operations, which allows them to bypass sandbox restrictions.

As a result, attackers can read files outside the intended mount root, accessing unauthorized file contents.


How can this vulnerability impact me?

This vulnerability can allow an attacker with limited privileges to read sensitive files outside of the intended sandbox or mount root.

Such unauthorized access to files can lead to exposure of confidential or sensitive information.

Because the attacker can bypass sandbox restrictions, this may undermine system security and data confidentiality.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows unauthorized file reads via symlink swaps. Detection involves verifying the OpenClaw version and monitoring for suspicious filesystem operations involving symlinks.

To detect if your system is vulnerable, first check the installed OpenClaw version. Versions before 2026.4.22 are affected.

  • Check the OpenClaw version: run `openclaw --version` or query the package version via your package manager.
  • Monitor filesystem operations for symlink activity under the OpenShell mount root, for example with `inotifywait -m -r -e create,moved_to,attrib /path/to/mountroot` on Linux. A symlink swapped in with rename shows up as a `moved_to` event; inotify does not distinguish link creation from file creation, so pair each alert with a check of the new entry's type.
  • Use `find /path/to/mountroot -type l -ls` to list symlinks within the mount root, and `readlink -f` on each one to confirm that the target resolves inside the root.

The referenced resources provide no product-specific detection commands, so version checks plus monitoring of symlink manipulation under the OpenShell filesystem bridge are the practical options. Note that a point-in-time symlink listing cannot catch the race itself, since the attacker swaps the link between the check and the use; only continuous monitoring has a chance of observing that.
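The symlink audit suggested in the last bullet, as an added example (not code from OpenClaw or from this advisory): it walks a mount root without following links, resolves every symlink it finds, and flags those that resolve outside the root or that dangle. The mount root path, the `link_leaves_root` and `audit_mount_root` names and the sample tree are constructions for illustration; the constructed tree contains one benign link, one escaping via `..`, one escaping via an absolute target and one dangling link.

```python
"""Audit symlinks under a mount root and flag any that cannot be shown to
resolve inside it.  Added example, not part of OpenClaw or the advisory;
the sample tree is constructed here purely for illustration."""
import os
import tempfile


def link_leaves_root(root: str, link_path: str) -> bool:
    """True if the symlink at link_path resolves outside root, or dangles.

    realpath is applied to both sides so that '..' components, relative
    targets and chains of links are fully resolved before the containment
    check.  A dangling link cannot be verified, so it is flagged as well."""
    real_root = os.path.realpath(root)
    target = os.path.realpath(link_path)
    if not os.path.exists(target):
        return True
    return os.path.commonpath([real_root, target]) != real_root


def audit_mount_root(root: str) -> list[tuple[str, str]]:
    """Walk root without following links; return sorted (relative link path,
    raw link text) pairs for every symlink that fails link_leaves_root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:   # links to dirs land in dirnames
            p = os.path.join(dirpath, name)
            if os.path.islink(p) and link_leaves_root(root, p):
                findings.append((os.path.relpath(p, root), os.readlink(p)))
    return sorted(findings)


def build_sample_tree() -> str:
    """Constructed layout: a benign link, a '..' escape, an absolute escape
    and a dangling link, with a secret file just outside the mount root."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "mountroot")
    os.makedirs(os.path.join(root, "sub"))
    with open(os.path.join(root, "ok.txt"), "w") as f:
        f.write("inside\n")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("outside\n")
    os.symlink("ok.txt", os.path.join(root, "benign"))
    os.symlink("../../secret.txt", os.path.join(root, "sub", "escape_rel"))
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "escape_abs"))
    os.symlink("nowhere", os.path.join(root, "dangling"))
    return root


def demo() -> tuple[list[str], bool]:
    """Returns (relative paths of flagged links, whether the benign link passed)."""
    root = build_sample_tree()
    flagged = [link for link, _ in audit_mount_root(root)]
    benign_ok = not link_leaves_root(root, os.path.join(root, "benign"))
    return flagged, benign_ok


if __name__ == "__main__":
    for link, text in audit_mount_root(build_sample_tree()):
        print(f"{link} -> {text}")
```

Run it against a real mount root by replacing `build_sample_tree()` with the path; it reports persistent links only, so treat it as a complement to live monitoring rather than a substitute for it.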


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to update OpenClaw to version 2026.4.22 or later, where the vulnerability has been fixed.

The fix pins each read to the file descriptor obtained when the file is opened and validates the identity of the opened file, instead of re-resolving the path between the check and the read, so a symlink swap in that window no longer changes which file is read.

  • Upgrade OpenClaw to version 2026.4.22 or newer.
  • If immediate upgrade is not possible, restrict access to the OpenShell filesystem bridge to trusted users only to minimize exploitation risk.
  • Monitor and audit filesystem operations involving symlinks within the OpenShell mount root to detect potential exploitation attempts.

Applying the patch described in the OpenClaw GitHub commit ensures that file reads are pinned to open file descriptors and that symlink and hardlink manipulations are rejected, effectively mitigating the vulnerability.
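The race described in the explanation above and the descriptor-pinned open described in this mitigation section, side by side, as an added example. This is not OpenClaw's code and not the upstream patch: the function names, the `after_check` and `after_open` attacker hooks, the `SandboxError` type and the sample tree are constructions for illustration, and the code assumes a POSIX system (it relies on `O_NOFOLLOW`, `O_DIRECTORY` and `dir_fd`). The vulnerable routine checks the resolved path and then opens by name; the hardened routine opens component by component with `O_NOFOLLOW`, validates the object through the descriptor (regular file, exactly one link, which also rejects hard links) and reads through that same descriptor.

```python
"""Check-then-open (TOCTOU) versus descriptor-pinned open under a mount root.
Added example, not OpenClaw's code and not the upstream fix: the function names,
the attacker hooks and the sample tree are illustrative constructions. POSIX only."""
import os
import stat
import tempfile


class SandboxError(PermissionError):
    """A read would leave the mount root or traverse a link."""


def read_check_then_open(root, rel, after_check=None):
    """Vulnerable: validate the resolved path, then open by name.  The name is
    resolved twice; `after_check` is the attacker acting between the two."""
    real_root = os.path.realpath(root)
    path = os.path.join(root, rel)
    if os.path.commonpath([real_root, os.path.realpath(path)]) != real_root:
        raise SandboxError(f"{rel}: resolves outside the mount root")
    if after_check:
        after_check()            # attacker swaps the file for a symlink
    with open(path, "rb") as f:  # the kernel follows the swapped link
        return f.read()


def _open_pinned(root, rel):
    """Open rel one component at a time, each relative to the previous directory
    fd with O_NOFOLLOW, so a symlink anywhere in the path fails with ELOOP."""
    parts = [p for p in rel.split("/") if p]
    if os.path.isabs(rel) or not parts or ".." in parts:
        raise SandboxError(f"{rel!r}: absolute or parent-relative path")
    dflags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW | os.O_CLOEXEC
    fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)  # root is operator-set
    try:
        for comp in parts[:-1]:
            nfd = os.open(comp, dflags, dir_fd=fd)
            os.close(fd)
            fd = nfd
        return os.open(parts[-1], os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC, dir_fd=fd)
    except OSError as e:
        raise SandboxError(f"{rel}: refused ({e.strerror})") from e
    finally:
        os.close(fd)


def read_pinned(root, rel, after_check=None, after_open=None):
    """Hardened: the open is the check.  Identity is validated through the fd
    (regular file, one link, so hard links are rejected) and the read uses
    that same fd, never the name."""
    if after_check:
        after_check()            # swap lands before the open: refused (ELOOP)
    fd = _open_pinned(root, rel)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise SandboxError(f"{rel}: not a regular single-link file")
        if after_open:
            after_open()         # swap lands after the open: fd already pinned
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def build_sample_tree():
    """Constructed layout: <base>/mountroot/sub/data.txt is exposed by the
    sandbox; <base>/secret.txt lies outside the mount root."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "mountroot")
    os.makedirs(os.path.join(root, "sub"))
    with open(os.path.join(root, "sub", "data.txt"), "w") as f:
        f.write("public")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("SECRET")
    return base, root


def swap_in_symlink(base, root):
    """Attacker step: atomically replace sub/data.txt with a symlink to the
    secret outside the root (rename over the existing name)."""
    victim = os.path.join(root, "sub", "data.txt")
    os.symlink(os.path.join(base, "secret.txt"), victim + ".swap")
    os.rename(victim + ".swap", victim)


def fresh_tree():
    """Build a new tree and return (root, attacker swap closure bound to it)."""
    base, root = build_sample_tree()
    return root, lambda: swap_in_symlink(base, root)


def demo():
    """Returns (bytes leaked by the vulnerable read, whether the pinned read
    refused the same swap, bytes the pinned read returns when the swap lands
    only after the open)."""
    root, swap = fresh_tree()
    leaked = read_check_then_open(root, "sub/data.txt", after_check=swap)
    root, swap = fresh_tree()
    try:
        read_pinned(root, "sub/data.txt", after_check=swap)
        refused = False
    except SandboxError:
        refused = True
    root, swap = fresh_tree()
    pinned = read_pinned(root, "sub/data.txt", after_open=swap)
    return leaked, refused, pinned
```

The hooks replace the scheduler: in a real attack the swap is raced against the bridge, and whether it lands before or after the open is not under the attacker's control, which is why the hardened routine has to be safe in both orderings.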

