OpenClaw Product Security Update Advisory (CVE-2026-41329)

Overview


A sandbox bypass vulnerability (CVE-2026-41329) has been reported in the OpenClaw product. The vulnerability could allow a threat actor to escalate privileges by bypassing the sandbox.

Affected Versions


  • Affected versions: openclaw version 2026.3.28 and earlier.
  • Patched versions: fix confirmed in openclaw version 2026.3.31 and later.

Vulnerability details


  • Vulnerability type: sandbox bypass and privilege escalation.
  • Cause: heartbeat context inheritance may allow an escape from the security boundary, specifically through a senderIsOwner privilege escalation path.
  • Potential impact: sandbox escape, privilege escalation, and the resulting risk of arbitrary code execution.

Advisory and Notes