CVE-2026-41329 - Vulnerability Analysis
Severity: Critical | CVSS: 9.9 | Last Updated: April 21, 2026
OpenClaw - Privilege Escalation
Overview
OpenClaw versions before 2026.3.31 contain a sandbox bypass vulnerability caused by improper context validation in heartbeat context inheritance combined with manipulation of the senderIsOwner parameter. It lets attackers escalate privileges; exploitation requires crafted parameter manipulation.
Severity & Score
Impact
Attackers can bypass sandbox restrictions and escalate privileges, potentially gaining unauthorized access to sensitive system functions.
Mitigation
Update to version 2026.3.31 or later.
References
Social Media Activity (1 post)
Critical Privilege Escalation Vulnerability in OpenClaw AI Agent Platform

OpenClaw patched a critical privilege escalation vulnerability (CVE-2026-41329) that allows remote attackers to bypass sandbox restrictions and gain full control over AI agent workflows. **If you use OpenClaw for AI automation, update to version 2026.3.31 ASAP to prevent unauthorized system access. Ensure your AI agents are isolated from sensitive internal networks to limit the impact of potential sandbox escapes.** #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/critical-privilege-escalation-vulnerability-in-openclaw-ai-agent-platform-3-0-v-8-v/gD2P6Ple2L
Related Resources
Details
- CVE ID: CVE-2026-41329
- Severity: Critical
- CVSS Score: 9.9
- Type: broken_access_control
- Status: unconfirmed
- EPSS: 3.7%
- Social Posts: 1
CWE
- CWE-648
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H