OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell...

6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Description

OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.

Basic Information

ID CVE-2026-44112

Source VulnCheck

Published May 6, 2026 at 19:49

Affected Product

Vendor OpenClaw

Product OpenClaw

Affected Versions OpenClaw OpenClaw 0

CWE Classification

CWE-367

References

{
    "lastseen": "",
    "description": "OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.",
    "published": "2026-05-06T19:49:29.626Z",
    "modified": "2026-05-06T19:49:29.626Z",
    "type": "cve",
    "title": "OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes",
    "source": "VulnCheck",
    "references": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj\nhttps://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76\nhttps://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes",
    "id": "CVE-2026-44112",
    "bulletinFamily": "",
    "cwe": [
        "CWE-367"
    ],
    "cvelist": null,
    "sourceData": "OpenClaw OpenClaw 0",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenClaw",
    "version": "0",
    "vendor": "OpenClaw",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes_CVE-2026-44112