What is CVE-2026-41296?

A time-of-check-time-of-use race condition in OpenClaw's remote filesystem bridge readFile function that allows attackers to bypass sandbox restrictions and read arbitrary files outside the sandbox. CVSS 8.8.

Which OpenClaw versions are affected by CVE-2026-41296?

OpenClaw versions before 2026.3.31 are affected. Update to 2026.3.31 or later to patch this vulnerability.

How does the TOCTOU sandbox escape work in OpenClaw?

The vulnerability exploits the gap between path validation and the actual file read operation. An attacker can change the target between these two steps, allowing the read to access files outside the intended sandbox.

Is CVE-2026-41296 being actively exploited?

No public proof-of-concept or active exploitation has been confirmed as of April 22, 2026. However, the vulnerability is rated HIGH severity and remote exploitation is possible.

How do I patch CVE-2026-41296 in OpenClaw?

Upgrade OpenClaw to version 2026.3.31 or later. Any release older than 2026.4.5 should be treated as potentially vulnerable to this and related April 2026 CVEs.

← Back to dashboard

clawsmith.com/signal/cve-2026-41296-toctou-sandbox-escape-readfile

⚠ IssueWide OpenLive

CVE-2026-41296: TOCTOU Race Condition in OpenClaw Filesystem Bridge Enables Sandbox Escape (CVSS 8.8)

Time-of-check-time-of-use race condition in remote filesystem bridge readFile allows sandbox escape. Attackers exploit separate path validation and file read operations. Published April 20, 2026.

Product Idea from this Signal

A security service that auto-patches OpenClaw CVEs within hours of disclosure before attackers exploit them

460.5k ▲

OpenClaw shipped 9 CVEs in 4 days (March 2026) including a CVSS 9.9 privilege escalation affecting 135K+ exposed instances. Most operators have no way to know which CVEs affect their version, no automated patching, and no coordination between the flood of advisories (156+ total) and their actual attack surface. This tool continuously monitors CVE feeds, maps each advisory to your installed version and enabled features, and applies safe mitigations automatically while queuing risky patches for human approval.

SECURITYCLIDEVTOOLOPEN-SOURCESYSADMIN

CompetitiveView Opportunity →