DEV Community

CVE Reports

Originally published at cvereports.com

GHSA-WW6V-V748-X7G9: Sandbox Network Isolation Bypass in OpenClaw via Docker Container Mode

Vulnerability ID: GHSA-WW6V-V748-X7G9
CVSS Score: Critical
Published: 2026-03-02

OpenClaw versions prior to 2026.2.24 contain a critical vulnerability in the sandbox network validation logic. The validator correctly rejected the Docker 'host' network mode, which would expose the host network stack, but it did not check for Docker's 'container:<name-or-id>' syntax. This oversight allows a malicious or misconfigured sandboxed agent to set its network mode to join another container's network namespace. The sandboxed process thereby bypasses network isolation and gains access to the target container's network identity, its loopback interface, and any internal services listening there.

TL;DR

A validation flaw in OpenClaw allows sandboxed agents to bypass network isolation by using Docker's 'container:' network mode. This grants access to other containers' namespaces. Fixed in version 2026.2.24.


Technical Details

  • Vulnerability Type: Sandbox Network Isolation Bypass
  • CWE ID: CWE-668: Exposure of Resource to Wrong Sphere
  • Severity: Critical
  • Affected Component: src/agents/sandbox/validate-sandbox-security.ts
  • Attack Vector: Configuration (Local/Remote)
  • Patch Date: 2026-02-24

Affected Systems

  • OpenClaw Agent Runtime
  • OpenClaw Sandbox Manager
  • openclaw: < 2026.2.24 (Fixed in: 2026.2.24)

Code Analysis

Commit 14b6eea: Fix: block container:* network mode in sandbox validation

Commit 5552f90: Add security audit check for dangerous network modes
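To make the flaw and the two commits above concrete, here is an added example (not OpenClaw's code, and not taken from either commit) that shows a sandbox network-mode validator in its vulnerable form beside its hardened form, plus a small audit helper of the kind the second commit describes. The names (validateNetworkModeBefore, validateNetworkModeAfter, auditAgentNetworkModes, AgentConfig, Finding) and the sample agent configs are hypothetical; the lower-casing of the mode value is a defensive normalisation choice of this example, not something the page states OpenClaw does.

```typescript
// Added example, not OpenClaw's code. Demonstrates the validation gap
// described in the advisory and a hardened check alongside an audit helper.
// All identifiers below are hypothetical.

interface AgentConfig {
  name: string;
  sandbox?: { network?: string };
}

interface Finding {
  agent: string;
  mode: string;
  reason: string;
}

// Vulnerable logic: only the literal "host" mode is rejected, so a value such
// as "container:<name-or-id>" passes and the sandbox joins that container's
// network namespace.
function validateNetworkModeBefore(mode: string): boolean {
  return mode.trim() !== "host";
}

// Hardened logic: trim and lower-case the value (defensive normalisation,
// an assumption of this example), then reject "host" and any "container:*"
// mode. Other values (none, bridge, a user-defined network name) are allowed.
function validateNetworkModeAfter(mode: string): boolean {
  const normalized = mode.trim().toLowerCase();
  if (normalized === "host") return false;
  if (normalized.startsWith("container:")) return false;
  return true;
}

// Audit helper: one finding per agent whose configured network mode the
// hardened validator rejects. Agents with no explicit mode are skipped.
function auditAgentNetworkModes(configs: AgentConfig[]): Finding[] {
  const findings: Finding[] = [];
  for (const cfg of configs) {
    const mode = cfg.sandbox?.network;
    if (mode === undefined) continue;
    if (validateNetworkModeAfter(mode)) continue;
    const normalized = mode.trim().toLowerCase();
    findings.push({
      agent: cfg.name,
      mode,
      reason:
        normalized === "host"
          ? "host network mode exposes the host network stack"
          : "container: mode joins another container's network namespace",
    });
  }
  return findings;
}

// Constructed sample configs (not from any real deployment).
const sampleConfigs: AgentConfig[] = [
  { name: "research-agent", sandbox: { network: "none" } },
  { name: "build-agent", sandbox: { network: "bridge" } },
  { name: "legacy-agent", sandbox: { network: "host" } },
  { name: "sidecar-agent", sandbox: { network: "Container:db-proxy" } },
  { name: "default-agent" },
];

// Show what the old check misses and what the audit reports.
console.log("old validator accepts container mode:",
  validateNetworkModeBefore("container:db-proxy"));
for (const f of auditAgentNetworkModes(sampleConfigs)) {
  console.log(`[dangerous_network_mode] ${f.agent}: "${f.mode}" (${f.reason})`);
}
```

The audit helper is the piece worth reusing: run it over every agent configuration before the service starts, and treat any finding as a blocking error rather than a warning, since a single `container:` entry is enough to collapse the isolation boundary between sandboxes.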

Mitigation Strategies

  • Upgrade OpenClaw to version 2026.2.24 or later immediately.
  • Audit all existing agent configurations for dangerous network modes.
  • Restrict permissions to modify the openclaw.yml or agent configuration files.

Remediation Steps:

  1. Stop the OpenClaw service.
  2. Install the latest package: npm update openclaw or pull the latest Docker image.
  3. Run the security audit tool: openclaw security audit --deep.
  4. Review the output for sandbox.dangerous_network_mode findings.
  5. Restart the OpenClaw service.

Read the full report for GHSA-WW6V-V748-X7G9 on our website for more details including interactive diagrams and full exploit analysis.
