Vulnerability Description
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.4.22 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924fPatch
- https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jjMitigationVendor Advisory
- https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-opeThird Party Advisory
FAQ
What is CVE-2026-44112?
CVE-2026-44112 is a vulnerability with a CVSS score of 9.6 (CRITICAL). OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers...
How severe is CVE-2026-44112?
CVE-2026-44112 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-44112?
Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.