CVE-2026-27523
Published: 18 March 2026
Summary
CVE-2026-27523 is a medium-severity path traversal (CWE-22) vulnerability in OpenClaw. Its CVSS base score is 6.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked at the 23.1st percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5), AI-generated
- Directly remediates the sandbox bind validation vulnerability by identifying, reporting, and patching to OpenClaw version 2026.2.24 or later.
- AC-25 (Reference Monitor): implements a reference monitor to enforce non-bypassable access controls for bind operations, preventing symlink-based path traversal escapes from sandbox boundaries.
- SI-10 (Information Input Validation): validates bind source path inputs for completeness and correctness to block crafted symlinked paths that resolve outside allowed sandbox roots.
MITRE ATT&CK Enterprise Techniques, AI-generated
Why these techniques?
Sandbox bind validation bypass (path traversal via symlinks) directly enables local sandbox escape for unauthorized host filesystem access/modification, mapping to container/sandbox breakout (T1611) achieved via vulnerability exploitation for privilege escalation (T1068).
NVD Description
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that appear within allowed roots but resolve outside sandbox boundaries once missing leaf components are created, weakening bind-source isolation enforcement.
Deeper analysis, AI-generated
CVE-2026-27523 is a sandbox bind validation vulnerability (CWE-22) in OpenClaw versions prior to 2026.2.24. It enables attackers to bypass allowed-root and blocked-path checks by using symlinked parent directories with non-existent leaf paths. Attackers can craft bind source paths that initially appear to reside within allowed roots but resolve outside sandbox boundaries once the missing leaf components are created, thereby weakening bind-source isolation enforcement. The issue carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) and was published on 2026-03-18.
Local attackers with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. By manipulating symlinks and creating missing path components post-validation, they can perform bind operations that escape sandbox boundaries, achieving high integrity impact through unauthorized file access or modification outside the isolated environment, alongside low availability impact.
Mitigation requires updating to OpenClaw version 2026.2.24 or later, where the issue is addressed via the fix in GitHub commit b5787e4abba0dcc6baf09051099f6773c1679ec1. Additional details are available in the GitHub Security Advisory GHSA-m8v2-6wwh-r4gc and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-sandbox-bind-validation-bypass-via-symlink-parent-missing-leaf-paths.
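To make the failure mode concrete from the defender's side, the following added example (hypothetical code, not OpenClaw's own validator or its fix) puts a purely lexical bind-source check beside one that canonicalises the existing parent prefix before comparing against allowed roots and blocked paths; the directory layout, the `link` and `alias` symlinks, and the function names are all constructed for the demonstration.

```python
# Added example (hypothetical, not OpenClaw's code): a lexical bind-source check
# beside one that resolves symlinks in the existing parent prefix first.
import os
import tempfile

def _under(path, base):
    """True when path equals base or lies beneath it."""
    return path == base or path.startswith(base + os.sep)

def weak_validate(source, allowed_roots, blocked_paths):
    """Normalises '..' but never follows symlinks, so a symlinked parent with
    a not-yet-existing leaf still appears to sit inside the allowed root."""
    p = os.path.normpath(os.path.abspath(source))
    return (any(_under(p, r) for r in allowed_roots)
            and not any(_under(p, b) for b in blocked_paths))

def hardened_validate(source, allowed_roots, blocked_paths):
    """os.path.realpath resolves every component that exists and keeps the
    missing tail as-is, so the symlinked parent is resolved even though the
    leaf will only be created after validation. Roots and blocked paths are
    canonicalised the same way so both sides of the comparison match."""
    p = os.path.realpath(os.path.abspath(source))
    roots = [os.path.realpath(r) for r in allowed_roots]
    blocked = [os.path.realpath(b) for b in blocked_paths]
    return (any(_under(p, r) for r in roots)
            and not any(_under(p, b) for b in blocked))

def demo():
    """Constructed layout: sandbox/ is the only allowed root, sandbox/secrets
    is blocked, sandbox/link -> outside/ and sandbox/alias -> sandbox/secrets."""
    tmp = tempfile.mkdtemp()
    sandbox, outside = os.path.join(tmp, "sandbox"), os.path.join(tmp, "outside")
    secrets = os.path.join(sandbox, "secrets")
    for d in (sandbox, outside, secrets):
        os.mkdir(d)
    os.symlink(outside, os.path.join(sandbox, "link"))
    os.symlink(secrets, os.path.join(sandbox, "alias"))
    escape = os.path.join(sandbox, "link", "newfile")   # leaf does not exist yet
    masked = os.path.join(sandbox, "alias", "key")      # leaf does not exist yet
    honest = os.path.join(sandbox, "data", "newfile")   # missing, but in-root
    args = ([sandbox], [secrets])
    return {
        "weak_escape": weak_validate(escape, *args),          # True (bypass)
        "weak_masked": weak_validate(masked, *args),          # True (bypass)
        "hardened_escape": hardened_validate(escape, *args),  # False
        "hardened_masked": hardened_validate(masked, *args),  # False
        "hardened_honest": hardened_validate(honest, *args),  # True
    }
```

The bind itself should then use the resolved path rather than the caller-supplied string, since a symlink swapped in between validation and bind would otherwise reopen the same gap; on Linux, openat2() with RESOLVE_BENEATH gives the kernel-side equivalent of this containment check.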
Details
- CWE(s)