CVE-2026-32046 · CRITICAL 9.8 · EPSS p20.3%


Description

OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the Chromium browser container to achieve code execution on the host system.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.29% probability of exploitation · percentile 20.3% · 2026-06-19T12:03:05Z
Published: 2026-03-21
Last modified: 2026-03-24

Underlying weaknesses · 1

CWE-1188

References

  1. https://github.com/openclaw/openclaw/commit/1835dec2004fe7a62c6a7ba46b8485f124ec6199
  2. https://github.com/openclaw/openclaw/commit/e7eba01efc4c3c400e9cfd3ce3d661cbc788a631
  3. https://github.com/openclaw/openclaw/security/advisories/GHSA-43x4-g22p-3hrq
  4. https://www.vulncheck.com/advisories/openclaw-os-level-sandbox-bypass-via-no-sandbox-flag


Type: Weakness
Target: Initialization of a Resource with an Insecure Default (cwe-1188)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-32048
  2. CVE-2026-32064
  3. CVE-2026-32026
  4. CVE-2026-42434
  5. CVE-2026-32052
  6. CVE-2026-35650
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.