CVE-2026-32002

Published: Mar 19, 2026 Last Modified: Mar 19, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,0

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attackers can load restricted mounted images and exfiltrate them through vision model provider requests to bypass sandbox confidentiality controls.

200

Exposure of Sensitive Information to an Unauthorized Actor

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality

Potential Impacts:

Read Application Data

Applicable Platforms

Technologies: Mobile, Not Technology-Specific, Web Based

Likelihood of Exploit: High

View CWE Details

https://github.com/openclaw/openclaw/commit/dd9d9c1c609dcb4…

https://github.com/openclaw/openclaw/commit/dd9d9c1c609dcb4579f9e57bd7b5c879d01…

https://github.com/openclaw/openclaw/security/advisories/GH…

https://github.com/openclaw/openclaw/security/advisories/GHSA-q6qf-4p5j-r25g

https://www.vulncheck.com/advisories/openclaw-sandbox-bound…

https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-image…

CVE-2026-32002

Description

Exposure of Sensitive Information to an Unauthorized Actor

Common Consequences

Applicable Platforms

Iscriviti alla newsletter