What is CVE-2026-42434?

A CVSS 8.8 sandbox escape in OpenClaw v2026.4.5-4.10 where sandboxed agents override exec routing via host=node.

How does the sandbox escape work?

The routing table doesn't differentiate sandbox targets from remote when host=node is provided, allowing sandbox breakout.

Which versions are affected?

OpenClaw v2026.4.5 before v2026.4.10. Upgrade to v2026.4.10+ to fix.

Remote code execution outside sandbox, full host compromise, data leakage, lateral movement.

How to fix CVE-2026-42434?

Upgrade to openclaw >=2026.4.10. The fix blocks sandboxed agents from setting host to node or any remote identifier.

← Back to dashboard

clawsmith.com/signal/cve-2026-42434-sandbox-escape-host-node-routing

⚠ IssueWide OpenCoreLive

CVE-2026-42434: OpenClaw Sandbox Escape via host=node Parameter Override (CVSS 8.8)

Sandbox escape in OpenClaw v2026.4.5-2026.4.10. Sandboxed agents override exec routing by specifying host=node, bypassing sandbox to execute on remote nodes. CVSS 8.8. Enables RCE, full host compromise, lateral movement.

Product Idea from this Signal

A CLI tool that scans a running OpenClaw instance for active CVEs, malicious skills, and supply chain tampering before they get exploited

807 ▲

OpenClaw has accumulated 433+ CVEs in five months including critical auth bypasses (CVSS 9.8), sandbox escapes, and nation-state supply chain attacks targeting the npm ecosystem. Most operators have no idea which CVEs affect their specific version, whether their installed skills contain backdoors, or if their dependency tree has been tampered with. This tool runs a comprehensive security audit against a live OpenClaw instance and outputs an actionable remediation plan.

CLIOPEN-SOURCESECURITYDEVTOOLAUDIT

CompetitiveView Opportunity →