Untriaged
Permalink
CVE-2026-32038
9.8 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container:<id> values to reach services in target container namespaces and bypass network hardening controls.
References
- GHSA Advisory GHSA-ww6v-v748-x7g9 third-party-advisory
- VulnCheck Advisory: OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter third-party-advisory
Affected products
OpenClaw
- <2026.2.24
- ==2026.2.24
Package maintainers
-
@chrisportela Chris Portela <chris@chrisportela.com>