CVE-2026-44112

Sažetak

OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.

Reference

https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76
https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj
https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes

CVSS

Base:	9.6
Impact:	5.8
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Zadnje važnije ažuriranje

13-05-2026 - 17:16

Objavljeno

06-05-2026 - 20:16