CVE-2026-41296
Published: 21 April 2026
Summary
CVE-2026-41296 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in OpenClaw. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked at the 9.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI-generated)
AC-25 requires a reference monitor for reliable access mediation, which directly prevents TOCTOU races in sandbox enforcement such as the readFile function's separate path check and file read.
AC-3 mandates enforcement of access authorizations, addressing the failure to consistently restrict file reads within sandbox boundaries due to the race condition.
SC-50 requires robust software mechanisms for policy enforcement and separation, mitigating flaws in software sandboxes like the remote filesystem bridge's TOCTOU vulnerability.
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
A TOCTOU race condition in the remote FS bridge enables a sandbox bypass for arbitrary file reads from a low-privilege context (facilitating T1005, Data from Local System) and constitutes exploitation for privilege escalation (T1068) because of the scope change and the high confidentiality/integrity impact.
NVD Description
OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files.
Deeper analysis (AI-generated)
CVE-2026-41296, published on 2026-04-21, is a time-of-check to time-of-use (TOCTOU) race condition (CWE-367) in the remote filesystem bridge's readFile function within OpenClaw versions before 2026.3.31. The vulnerability arises because path validation and the file read are separate operations, allowing attackers to bypass sandbox restrictions and access arbitrary files on the system. It carries a CVSS v3.1 base score of 8.2 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N).
Attackers with low privileges (PR:L) can exploit this over the network (AV:N) without user interaction (UI:N), though it requires high attack complexity (AC:H). Successful exploitation changes the scope (S:C) to the broader system, enabling high-impact confidentiality and integrity violations (C:H/I:H), such as reading sensitive files outside the intended sandbox boundaries.
Mitigation details are provided in the GitHub commit at https://github.com/openclaw/openclaw/commit/121870a08583033ed6a0ed73d9ffea32991252bb, the OpenClaw security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-9p3r-hh9g-5cmg, and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-toctou-race-in-remote-fs-bridge-readfile, which address the race condition in affected versions.
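To make the check-then-read pattern concrete, here is an added Python example (not OpenClaw's code and not the fix from the linked commit): a sandboxed read that validates the resolved path and then opens the file by name in a second lookup, beside a hardened variant that opens each path component relative to a directory fd with O_NOFOLLOW so the object checked is the object read. The function names (read_with_path_check, read_beneath, demo), the race_hook parameter that stands in for the attacker's swap, and the constructed sandbox layout are assumptions; it needs a POSIX system (dir_fd and O_NOFOLLOW).

```python
import os, tempfile
from pathlib import Path

def read_with_path_check(root, rel, race_hook=lambda: None):
    # Vulnerable check-then-use: the realpath() check and the read are two separate name
    # lookups, so a swap in between (race_hook stands in for the attacker) is never re-checked.
    root = os.path.realpath(root)
    target = os.path.join(root, rel)
    if not os.path.realpath(target).startswith(root + os.sep):
        raise PermissionError("outside sandbox")           # time of check
    race_hook()                                            # race window
    return Path(target).read_bytes()                       # time of use: a fresh lookup of the same name

def read_beneath(root, rel, race_hook=lambda: None):
    # Hardened: refuse absolute and '..' paths up front, then open each component with
    # O_NOFOLLOW relative to the previous directory fd, so the object checked is the object read.
    parts = rel.split("/")
    if os.path.isabs(rel) or any(p in ("", ".", "..") for p in parts):
        raise PermissionError("path escapes sandbox")
    fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for p in parts[:-1]:
            nfd = os.open(p, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=fd)
            os.close(fd)
            fd = nfd
        race_hook()                                        # same window: a swapped-in symlink now fails with ELOOP
        ffd = os.open(parts[-1], os.O_RDONLY | os.O_NOFOLLOW, dir_fd=fd)
    finally:
        os.close(fd)
    with os.fdopen(ffd, "rb") as f:                        # read through the fd that was just validated
        return f.read()

def demo():
    # Constructed scenario: sandbox/notes.txt plus a secret outside the sandbox; the
    # attacker swaps notes.txt for a symlink to the secret inside the race window.
    base = Path(tempfile.mkdtemp())
    secret, sandbox = base / "secret", base / "sandbox"
    sandbox.mkdir()
    secret.write_bytes(b"SECRET")
    note = sandbox / "notes.txt"
    def swap():
        note.unlink(); note.symlink_to(secret)
    def attempt(reader):
        note.unlink(missing_ok=True)
        note.write_bytes(b"harmless")                      # fresh, legitimate file each time
        try:
            return reader(str(sandbox), "notes.txt", swap)
        except OSError:                                    # PermissionError, or ELOOP from the hardened reader
            return None
    return attempt(read_with_path_check), attempt(read_beneath)   # -> (b"SECRET", None)
```

The vulnerable reader returns the secret because its open() resolves the name again after the check, while the hardened reader refuses the swapped-in symlink; in production also fstat the opened fd and reject non-regular files, and remember that O_NOFOLLOW does not defend against hard links or bind mounts inside the sandbox.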
Details
- CWE(s): CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition)