CVE-2026-41329— OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41329
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege escalation.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权API的不正确使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.31之前版本存在安全漏洞,该漏洞源于通过心跳上下文继承和senderIsOwner参数操纵可绕过沙盒限制,可能导致未经授权的权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2026-41329
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41329
Please Login to view more intelligence information
Same Patch Batch · OpenClaw · 2026-04-20 · 15 CVEs total
| CVE-2026-41303 | 8.8 HIGH | OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands |
| CVE-2026-41294 | 8.6 HIGH | OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File |
| CVE-2026-41296 | 8.2 HIGH | OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile |
| CVE-2026-41295 | 7.8 HIGH | OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Ch |
| CVE-2026-41297 | 7.6 HIGH | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirec |
| CVE-2026-41302 | 7.6 HIGH | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Pl |
| CVE-2026-41299 | 7.1 HIGH | OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard |
| CVE-2026-41300 | 6.5 MEDIUM | OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding |
| CVE-2026-41389 | 5.8 MEDIUM | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Path |
| CVE-2026-40045 | 5.7 MEDIUM | OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway |
| CVE-2026-41298 | 5.4 MEDIUM | OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint |
| CVE-2026-41301 | 5.3 MEDIUM | OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Veri |
| CVE-2026-41331 | 5.3 MEDIUM | OpenClaw < 2026.3.31 - Resource Consumption via Unauthorized Telegram Audio Preflight Tran |
| CVE-2026-41330 | 4.4 MEDIUM | OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy |
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same vendor: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same weakness: CWE-648
- CVE-2026-41386
OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Boot - CVE-2026-35669
OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plug - CVE-2026-35663
OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reco - CVE-2026-35645
OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic op - CVE-2026-35639
OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.
V. Comments for CVE-2026-41329
No comments yet