OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root — CVE-2026-44112
GitHub · GitHub · CVE-2026-44112
ID
CVE-2026-44112
CVE-2026-44112
Date
Updated
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
medium
medium
CVSS
6
6
EPSS
0.0003
0.0003
Summary
## Summary OpenShell FS bridge writes stay pinned to the sandbox mount root ## Affected Packages / Versions - Package: openclaw (npm) - Affected versions: <= 2026.4.21 - Fixed version: 2026.4.22 ## Impact A time-of-check/time-of-use race around OpenShell sandbox filesystem writes could let a symlink swap redirect a write outside the intended local mount root. ## Fix OpenShell write paths now validate the canonical…
Product
npm: openclaw
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.