CVE-2026-28479
Published: 05 March 2026
Summary
CVE-2026-28479 is a high-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in OpenClaw. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 7.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-28479, published on 2026-03-05, affects OpenClaw versions prior to 2026.2.15 and is classified under CWE-327 (Broken or Risky Cryptographic Algorithm). The vulnerability arises from the use of the deprecated SHA-1 hashing algorithm to generate cache keys for sandbox identifiers in Docker and browser sandbox configurations. SHA-1's susceptibility to collision attacks enables cache poisoning, where an attacker can cause one sandbox configuration to be misinterpreted as another, leading to unsafe reuse of sandbox state.
Exploitation is remote over the network, with low attack complexity and no privileges or user interaction required (CVSSv3.1 score of 7.5: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). By crafting inputs with colliding SHA-1 hashes, the attacker can poison the sandbox identifier cache, tricking the system into associating an attacker-controlled configuration with a legitimate one. This results in high confidentiality impact through potential unauthorized access to sensitive data in reused sandbox states.
Mitigation is provided in OpenClaw version 2026.2.15 and later. The patching commit is available at https://github.com/openclaw/openclaw/commit/559c8d9930eebb5356506ff1a8cd3dbaec92be77, with further details in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-fh3f-q9qw-93j9 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-cache-poisoning-via-deprecated-sha-hash-in-sandbox-configuration.
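The weak key derivation described above, next to a hardened form, as an added example that is not OpenClaw's code or the patching commit. All names (`canonicalize`, `weakCacheKey`, `cacheKey`, `SandboxCache`, `isLegacySha1Key`) and the sample configurations are hypothetical, and the stored-configuration equality check is an assumed defence-in-depth measure, not something the advisory says the fix does.

```javascript
// Added example with hypothetical names; not OpenClaw's code.
const crypto = require("node:crypto");

// Serialize with sorted object keys so equal configs yield equal bytes.
function canonicalize(value) {
  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
  if (value !== null && typeof value === "object") {
    const fields = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalize(value[k]));
    return "{" + fields.join(",") + "}";
  }
  return JSON.stringify(value);
}

// Weak form the advisory describes: a SHA-1 digest used as the cache key.
function weakCacheKey(config) {
  return crypto.createHash("sha1").update(canonicalize(config)).digest("hex");
}

// Hardened form: SHA-256 digest over the canonical configuration.
function cacheKey(config) {
  return crypto.createHash("sha256").update(canonicalize(config)).digest("hex");
}

class SandboxCache {
  constructor() { this.entries = new Map(); }
  put(config, sandboxId) {
    this.entries.set(cacheKey(config), { canonical: canonicalize(config), sandboxId });
  }
  // Reuse a sandbox only when the stored config is byte-identical to the
  // requested one, so a key match alone never decides reuse.
  get(config) {
    const entry = this.entries.get(cacheKey(config));
    if (!entry || entry.canonical !== canonicalize(config)) return null;
    return entry.sandboxId;
  }
}

// Audit helper (assumes hex-encoded keys): 40 hex chars is SHA-1 sized.
function isLegacySha1Key(key) {
  return /^[0-9a-f]{40}$/.test(key);
}

// Constructed sample configurations, for illustration only.
const dockerCfg = { image: "node:22", network: "none", mounts: ["/work"] };
const browserCfg = { image: "chromium", network: "bridge", mounts: [] };
```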
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9925
Vulnerability details
OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be misinterpreted as another and enabling unsafe sandbox state reuse.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Remote unauthenticated network exploitation of public-facing sandbox cache logic (T1190) directly enables unauthorized access to sensitive data via poisoned sandbox state reuse (T1005).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) (AI)
Requires implementation of strong cryptographic protections, directly preventing use of deprecated SHA-1 hashing vulnerable to collision attacks in sandbox identifier cache keys.
Mandates timely flaw remediation, such as patching OpenClaw to version 2026.2.15 or later to eliminate the SHA-1 cache poisoning vulnerability.
Facilitates vulnerability scanning to identify and detect the use of weak SHA-1 in sandbox configurations as in CVE-2026-28479.