CVE-2026-32038
Published: 19 March 2026
Summary
CVE-2026-32038 is a critical-severity Improper Access Control (CWE-284) vulnerability in OpenClaw (vendor: Openclaw). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 19.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SC-7 (Boundary Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the CVE by requiring timely identification, reporting, and correction of the sandbox network isolation bypass flaw in OpenClaw prior to 2026.2.24.
- SC-39 (Process Isolation): mandates process isolation techniques, such as network namespaces, to prevent trusted operators from joining another container's network namespace.
- SC-7 (Boundary Protection): enforces boundary protection at internal network interfaces between containers to block unauthorized access to services despite namespace bypass attempts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE enables remote exploitation of the OpenClaw service (T1190) to bypass container network isolation controls via the docker.network configuration, directly facilitating container namespace escape (T1611, Escape to Host) and modification of network/firewall hardening (T1562.004, Impair Defenses: Disable or Modify System Firewall).
NVD Description
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container:<id> values to reach services in target container namespaces and bypass network hardening controls.
Deeper analysis
CVE-2026-32038 is a sandbox network isolation bypass vulnerability (CWE-284) affecting OpenClaw versions before 2026.2.24. The flaw enables trusted operators to join another container's network namespace by configuring the docker.network parameter with container:<id> values, allowing access to services in target container namespaces and bypassing network hardening controls. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of required privileges or user interaction.
Attackers able to configure the docker.network parameter, such as trusted operators in a containerized environment, can exploit this vulnerability remotely. By specifying a target container ID, they join that container's network namespace and gain unauthorized access to services that were meant to be isolated from them. This bypasses the intended network segmentation and can enable data exfiltration, service disruption, or further compromise, with high impact on confidentiality, integrity, and availability.
Mitigation involves upgrading to OpenClaw 2026.2.24 or later, as indicated by the affected version range. Detailed remediation guidance is available in the official advisories at https://github.com/openclaw/openclaw/security/advisories/GHSA-ww6v-v748-x7g9 and https://www.vulncheck.com/advisories/openclaw-sandbox-network-isolation-bypass-via-docker-network-container-parameter.
Details
- CWE(s)