DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-W7J5-J98M-W679: Excessive Privileges (Root Execution) in OpenClaw Containers

Vulnerability ID: GHSA-W7J5-J98M-W679
CVSS Score: 8.5 (Estimated)
Published: 2026-03-03

OpenClaw, a popular open-source AI assistant, was found to execute critical containerized processes with full root privileges. This configuration violates the principle of least privilege and significantly lowers the barrier for attackers to achieve persistence or container escape following a compromise. The vulnerability affects multiple Dockerfiles used for end-to-end testing and sandboxing.

TL;DR

OpenClaw Docker containers run as root (UID 0) by default. If an attacker gains Remote Code Execution (RCE) via the AI assistant, they immediately possess root access within the container, facilitating system modification and potential host escape. Fixed in recent updates by introducing a non-root 'sandbox' user.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-250
  • CWE Name: Execution with Unnecessary Privileges
  • CVSS (Est.): 8.5 (High)
  • Attack Vector: Network / Local
  • Privileges Required: None
  • Exploit Status: PoC Available

Affected Systems

  • OpenClaw (npm package)
  • OpenClaw Docker Images
  • OpenClaw: < Feb 2026 Hygiene Patch (Fixed in: Commit 28e1a65)

Code Analysis

Commit: 28e1a65

Project hygiene: Introduce non-root sandbox user in Dockerfiles

RUN useradd --create-home --shell /bin/bash sandbox
USER sandbox

Mitigation Strategies

  • Update to patched Docker images containing the non-root user configuration
  • Enforce non-root execution at runtime via Docker or Kubernetes security contexts
  • Drop unnecessary Linux capabilities (CAP_DROP) to restrict root power

Remediation Steps:

  1. Pull the latest version of the OpenClaw repository.
  2. Rebuild Docker images ensuring Dockerfile.sandbox contains USER sandbox.
  3. Verify the running user by executing docker exec <container_id> whoami (should return 'sandbox').
  4. If using unpatched images, update deployment scripts to include --user 1000:1000.
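Step 2 can be checked before anything is built. The following is an added example, not code from the OpenClaw repository or the original report: a POSIX shell lint that reports which user the final stage of a Dockerfile runs as and fails when that user is root. The function names, the `node:22` base image in the sample and the "no USER means root" default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not OpenClaw project code: static check that a Dockerfile's
# final build stage ends up running as a non-root USER.

# Print the user the final stage runs as. USER does not carry across FROM
# unless the new stage is based on an earlier named stage. With no USER the
# base image's user is inherited; assumed to be root here (an assumption that
# holds for most public base images). USER $VAR values are not expanded.
effective_user() {
    awk '
        { instr = toupper($1) }
        instr == "FROM" {
            i = 2
            while ($i ~ /^--/) i++              # skip flags such as --platform=
            base = $i
            user = (base in stage) ? stage[base] : "root"
            name = (toupper($(i + 1)) == "AS") ? $(i + 2) : ""
            if (name != "") stage[name] = user
        }
        instr == "USER" && NF >= 2 {
            user = $2
            if (name != "") stage[name] = user
        }
        END { print (user == "" ? "root" : user) }
    ' "$1"
}

# Succeeds when a USER value means root: "root" or UID 0, with or without :group.
is_root_user() {
    case "${1%%:*}" in
        root|0) return 0 ;;
        *) return 1 ;;
    esac
}

# Lint one Dockerfile: print a verdict, return non-zero when it runs as root.
check_dockerfile() {
    u=$(effective_user "$1")
    if is_root_user "$u"; then
        echo "FAIL $1: final stage runs as root"
        return 1
    fi
    echo "OK   $1: final stage runs as '$u'"
}

# Constructed sample using the two patched lines quoted under Code Analysis.
demo=$(mktemp)
printf '%s\n' 'FROM node:22' \
    'RUN useradd --create-home --shell /bin/bash sandbox' 'USER sandbox' > "$demo"
check_dockerfile "$demo"
rm -f "$demo"
```

A passing lint only describes the image default; `docker run --user` can override it at start-up, so the `whoami` check in step 3 is still needed on the running container.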

Read the full report for GHSA-W7J5-J98M-W679 on our website for more details including interactive diagrams and full exploit analysis.
