CVE-2026-41397
Published: 28 April 2026
Summary
CVE-2026-41397 is a medium-severity Link Following (CWE-59) vulnerability in OpenClaw. Its CVSS base score is 6.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 20.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-39 (Process Isolation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: directly mitigates the CVE by requiring identification, reporting, and correction of the improper symlink resolution flaw in file synchronization operations, through patching to OpenClaw 2026.3.31 or later.
- AC-3 (Access Enforcement): enforces approved access authorizations to system resources, preventing symlink exploitation from traversing directory boundaries and reaching arbitrary files outside sandbox restrictions.
- SC-39 (Process Isolation): maintains separate execution domains for the processes involved in file synchronization, containing symlink operations within sandbox boundaries to block directory traversal escapes.
MITRE ATT&CK Enterprise Techniques
- T1005 Data from Local System
- T1083 File and Directory Discovery
Why these techniques?
Sandbox escape via symlink-based directory traversal in file sync operations directly enables unauthorized access to files outside the intended boundaries, facilitating data collection from the local system (T1005) and file/directory discovery (T1083).
NVD Description
OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to access arbitrary files outside intended boundaries.
Deeper analysis
CVE-2026-41397 is a sandbox escape vulnerability in OpenClaw versions prior to 2026.3.31, stemming from improper link resolution (CWE-59) during file synchronization operations. The flaw enables directory traversal through symlink exploitation in mirror sync processes, allowing attackers to bypass sandbox restrictions and access files outside the intended boundaries. It carries a CVSS v3.1 base score of 6.8 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating medium severity with high impacts on confidentiality and integrity.
Remote attackers with low privileges (PR:L) can exploit this vulnerability over the network (AV:N), though it requires high attack complexity (AC:H) with no user interaction needed. By crafting malicious symlinks within mirror sync operations, attackers can traverse directory boundaries, reading or modifying arbitrary files outside the sandbox, potentially leading to unauthorized data exposure or alteration.
Mitigation is addressed in OpenClaw's GitHub security advisory GHSA-cwf8-44x6-32c2 and fixing commits such as 3b9dab0ece4643a9643e6a45459f5c709d3ce320 and c02ee8a3a4cb390b23afdf21317aa8b2096854d1. Security practitioners should upgrade to OpenClaw 2026.3.31 or later, where symlink handling in file sync operations has been hardened to prevent traversal. Additional details are available in the VulnCheck advisory at vulncheck.com.
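The advisory text describes the general shape of the flaw: a mirror or sync routine follows a symlink found inside the sandbox and ends up reading or writing a target outside it. The example below is an added illustration of the corresponding CWE-59 mitigation, written for this page; it is not OpenClaw's code and makes no claim about how the fixing commits implement the check. It assumes a hypothetical sync routine that copies named entries out of a sandbox directory and rejects any entry whose fully resolved path (after every symlink and ".." component) falls outside the sandbox root. The scenario it builds under a temporary directory is constructed for the demonstration.

```python
import os
import shutil
import tempfile
from typing import Dict, Iterable, Optional


def resolve_within_sandbox(sandbox_root: str, relative_path: str) -> Optional[str]:
    """Resolve relative_path under sandbox_root, following every symlink and
    '..' component, and return the final real path only if it is still inside
    the sandbox. Returns None when the resolved target escapes the root."""
    root = os.path.realpath(sandbox_root)
    candidate = os.path.realpath(os.path.join(root, relative_path))
    # commonpath compares whole components, so a root of "/sb" does not
    # accidentally accept "/sb2/secret" the way a string-prefix test would
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def mirror_sync(sandbox_root: str, dest_root: str, names: Iterable[str]) -> Dict[str, bool]:
    """Hypothetical sync routine: copy each named entry from the sandbox into
    dest_root, skipping anything whose resolved target lies outside the
    sandbox. Returns a map of entry name -> whether it was copied."""
    outcome: Dict[str, bool] = {}
    for name in names:
        target = resolve_within_sandbox(sandbox_root, name)
        if target is None or not os.path.isfile(target):
            outcome[name] = False  # escaped the sandbox, or not a regular file
            continue
        dest = os.path.join(dest_root, os.path.basename(name))
        # copy the content of the already-validated target, never the link itself
        shutil.copyfile(target, dest)
        outcome[name] = True
    return outcome


def demo() -> Dict[str, bool]:
    """Constructed scenario: a sandbox holding a plain file, a symlink that
    stays inside the sandbox, a symlink pointing at a file outside it, and a
    plain '..' traversal entry."""
    base = tempfile.mkdtemp()
    try:
        sandbox = os.path.join(base, "sandbox")
        mirror = os.path.join(base, "mirror")
        os.makedirs(sandbox)
        os.makedirs(mirror)
        # the "secret" lives beside the sandbox, not inside it
        secret = os.path.join(base, "secret.txt")
        with open(secret, "w") as f:
            f.write("outside the sandbox\n")
        with open(os.path.join(sandbox, "notes.txt"), "w") as f:
            f.write("inside the sandbox\n")
        os.symlink("notes.txt", os.path.join(sandbox, "inner_link"))
        os.symlink(secret, os.path.join(sandbox, "escape_link"))
        return mirror_sync(
            sandbox, mirror,
            ["notes.txt", "inner_link", "escape_link", "../secret.txt"],
        )
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

The containment test has to run on the fully resolved path, not on the name the sync job was handed: both the symlink and the ".." entry look harmless as strings. In a production sync routine the remaining gap is the window between this check and the actual open, during which a link can be re-pointed; closing it means opening with O_NOFOLLOW (or component-by-component via openat) and validating the descriptor that was actually obtained.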
Details
- CWE(s)