CVSS 8.8 · HIGH

CVE-2026-42434

OpenClaw versions from 2026.4.5 up to, but not including, 2026.4.10 contain a sandbox escape vulnerability that allows a sandboxed agent to override exec routing by specifying host=node. An attacker can thereby bypass the sandbox boundary and route execution to remote nodes instead of the intended sandbox path.
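As an added illustrative model (not OpenClaw's code; every name below is hypothetical), this shows the CWE-863 pattern the description points to, an exec router that honors a caller-supplied host override, beside a hardened router that derives the host from the caller's trust context, pins sandboxed callers to the sandbox path, and records refused overrides for detection:

```python
# Hypothetical model of the routing mistake behind CVE-2026-42434; not OpenClaw's code.
from dataclasses import dataclass, field

SANDBOX = "sandbox"   # constrained local execution path
NODE = "node"         # remote node with full host privileges


@dataclass
class Caller:
    name: str
    sandboxed: bool          # True for agents confined to the sandbox


@dataclass
class ExecRequest:
    caller: Caller
    command: str
    params: dict = field(default_factory=dict)   # caller-controlled, e.g. {"host": "node"}


def route_vulnerable(req: ExecRequest) -> str:
    """Honors a caller-supplied host override regardless of who is asking.

    A sandboxed agent that sets params["host"] = "node" is routed to a
    remote node, which is the escape the advisory describes."""
    return req.params.get("host", SANDBOX if req.caller.sandboxed else NODE)


class RoutingDenied(Exception):
    pass


def route_hardened(req: ExecRequest, audit: list) -> str:
    """Derives the host from the caller's trust level, never from params.

    A sandboxed caller is pinned to the sandbox path; an explicit attempt
    to request a different host is refused and written to the audit log."""
    allowed = SANDBOX if req.caller.sandboxed else NODE
    requested = req.params.get("host")
    if requested is not None and requested != allowed:
        audit.append(f"DENY caller={req.caller.name} requested_host={requested} allowed={allowed}")
        raise RoutingDenied(f"{req.caller.name} may not route exec to {requested}")
    return allowed
```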


Analysis

OpenClaw is a niche agent orchestration tool, and while this sandbox escape allows remote code execution on nodes, the product is not widely adopted enough in the general developer community to warrant an alert. The impact is localized to specific users of this specialized platform.

Severity

Score: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-863

EPSS

Probability of exploitation (next 30 days): 0.0005 (0.1%)
Percentile: 15.5%
EPSS score date: 2026-05-06

Published: 5/5/2026, 12:16:17 PM
Last modified: 5/5/2026, 7:47:31 PM
