GHSA-9p3r-hh9g-5cmg

Summary

Sandbox escape via TOCTOU race in remote FS bridge readFile

Current Maintainer Triage

• Normalized severity: critical
• Assessment: v2026.3.28 remote sandbox reads still do path-check then separate file read, so the TOCTOU sandbox escape remains present in the latest shipped tag.

Affected Packages / Versions

• Package: openclaw (npm)
• Latest published npm version: 2026.3.31
• Vulnerable version range: <=2026.3.28
• Patched versions: >= 2026.3.31
• First stable tag containing the fix: v2026.3.31

Fix Commit(s)

• 121870a08583033ed6a0ed73d9ffea32991252bb — 2026-03-31T09:55:51+09:00

OpenClaw thanks @AntAISecurityLab for reporting.