CVE-2026-28479
📋 TL;DR
OpenClaw versions before 2026.2.15 derive sandbox identifier cache keys with SHA-1, a hash for which practical collision attacks exist. An attacker who can get two colliding configurations into the cache can make one sandbox configuration resolve to the cache entry of another, so sandbox state may be reused across configurations that were meant to stay isolated. It affects OpenClaw deployments that run the Docker or browser sandboxes on a vulnerable version.
💻 Affected Systems
- OpenClaw
⚠️ Manual Verification Required
This CVE has no version range in our database, so automatic vulnerability detection cannot determine whether your system is affected.
Why? The NVD entry doesn't specify which versions are vulnerable (no version ranges were provided by the vendor/NVD). The vendor advisory linked under Official Fix does give the boundary (versions before 2026.2.15 are affected), so check the installed version by hand:
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could cause a malicious sandbox configuration to be served in place of a legitimate one (or a request for a restricted sandbox to land on a more permissive cached one), bypassing the isolation controls of the requested configuration and running arbitrary code in what the operator believes is a trusted sandbox.
Likely Case
Cache confusion applies the wrong sandbox configuration to a workload. Outcomes range from instability and failed sandbox starts to a workload running with another configuration's mounts, network settings or privileges, or reading data left behind in a sandbox that belonged to a different configuration.
If Mitigated
Where the OpenClaw management interface is network-segmented and access-controlled, only an attacker who already has network reach and the rights to submit sandbox configurations (and so to seed cache entries) can attempt this.
🎯 Exploit Status
Exploitation requires the attacker to produce SHA-1 collisions and to get the colliding inputs into the sandbox cache. The distinction matters: chosen-prefix SHA-1 collisions, where the attacker controls both colliding inputs, have been demonstrated publicly; a second preimage against an existing trusted entry has not. The realistic path is therefore for the attacker to influence both colliding configurations rather than to hit an arbitrary pre-existing cache key.
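To make the mechanism in the TL;DR and the exploit status above concrete, here is an added example in Python. It is not OpenClaw code: the configuration schema, the cache classes and the key derivation are all assumed for illustration. It shows a cache that treats the digest of a configuration as its identity, so a colliding configuration is handed another configuration's existing sandbox, beside a hardened cache that keys with domain-separated SHA-256 and also compares the full canonical configuration on every hit. Because a real SHA-1 collision is far too expensive to compute inline, the collision is found against a 16-bit truncation of SHA-1; the cache logic is the same either way.

```python
import hashlib
import hmac
import json

# Constructed sample configurations (not OpenClaw's real schema): a privileged
# Docker sandbox an operator already runs, and the unprivileged-looking one an
# attacker is allowed to submit.
TRUSTED = {"kind": "docker", "image": "openclaw/runner:stable",
           "privileged": True, "mounts": ["/var/run/docker.sock"]}
ATTACKER = {"kind": "docker", "image": "openclaw/runner:stable",
            "privileged": False, "mounts": []}


def canonical(config: dict) -> bytes:
    """Deterministic serialization so equivalent configs hash identically."""
    return json.dumps(config, sort_keys=True, separators=(",", ":")).encode()


def sha1_key(data: bytes) -> str:
    """The vulnerable derivation: the bare SHA-1 digest is the cache key."""
    return hashlib.sha1(data).hexdigest()


def toy_weak_key(data: bytes) -> str:
    """Stand-in for a broken hash: SHA-1 truncated to 16 bits so a collision is
    found in well under a second. A real SHA-1 collision costs far more work,
    but the cache logic below misbehaves identically once one exists."""
    return sha1_key(data)[:4]


def sha256_key(data: bytes) -> str:
    """Hardened derivation (assumed, not OpenClaw's): SHA-256 under a
    domain-separation prefix so keys cannot collide with other SHA-256 uses."""
    return hashlib.sha256(b"sandbox-id:v1\0" + data).hexdigest()


def find_colliding_config(target: dict, base: dict, key_fn, field="label") -> dict:
    """Attacker step: vary a free-form field of `base` until its key equals
    `target`'s. Against the 16-bit toy this is brute force; against full SHA-1
    only chosen-prefix collisions (attacker controls both inputs) are practical."""
    want = key_fn(canonical(target))
    for n in range(1 << 22):
        candidate = dict(base, **{field: f"x{n}"})
        if key_fn(canonical(candidate)) == want:
            return candidate
    raise RuntimeError("no collision found")


class SandboxCache:
    """Vulnerable pattern: the digest *is* the identity. Two configs with the
    same key are treated as the same sandbox and the existing state is reused."""

    def __init__(self, key_fn):
        self._key_fn = key_fn
        self._entries = {}

    def get_or_create(self, config: dict, factory):
        key = self._key_fn(canonical(config))
        if key not in self._entries:
            self._entries[key] = factory(config)
        return self._entries[key]


class VerifyingSandboxCache:
    """Hardened pattern: the key only selects a bucket; the full canonical config
    is stored with each entry and compared on every hit, so a digest collision
    by itself can never alias two configurations."""

    def __init__(self, key_fn=sha256_key):
        self._key_fn = key_fn
        self._buckets = {}

    def get_or_create(self, config: dict, factory):
        data = canonical(config)
        bucket = self._buckets.setdefault(self._key_fn(data), [])
        for stored, sandbox in bucket:
            if hmac.compare_digest(stored, data):
                return sandbox
        sandbox = factory(config)
        bucket.append((data, sandbox))
        return sandbox


def make_sandbox(config: dict) -> dict:
    """Stand-in factory; a real one would start a container or browser profile."""
    return {"privileged": config["privileged"], "mounts": list(config["mounts"])}


def demo(key_fn=toy_weak_key):
    """Runs the collision scenario against both caches with the same weak digest.
    Returns (weak_reused, hardened_reused): whether the attacker's crafted config
    was handed the operator's already-cached privileged sandbox."""
    crafted = find_colliding_config(TRUSTED, ATTACKER, key_fn)
    weak = SandboxCache(key_fn)
    legit = weak.get_or_create(TRUSTED, make_sandbox)  # operator's sandbox cached first
    weak_hit = weak.get_or_create(crafted, make_sandbox)
    hardened = VerifyingSandboxCache(key_fn)
    legit2 = hardened.get_or_create(TRUSTED, make_sandbox)
    hardened_hit = hardened.get_or_create(crafted, make_sandbox)
    return weak_hit is legit, hardened_hit is legit2


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Swapping the digest for sha256_key closes the SHA-1 problem on its own; the compare-on-hit step is the defence in depth, because it keeps the cache correct even when the key derivation is weak, which is why the hardened cache still refuses to alias the two configurations when driven by the toy digest.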
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2026.2.15
Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-fh3f-q9qw-93j9
Restart Required: Yes
Instructions:
1. Download OpenClaw version 2026.2.15 or later from the official repository.
2. Stop all OpenClaw services.
3. Back up the current configuration.
4. Install the updated version.
5. Restart the OpenClaw services.
6. Verify, against the vendor advisory, that sandbox cache keys no longer use SHA-1 (SHA-256 or stronger).
🔧 Temporary Workarounds
Disable vulnerable sandbox features
Platform: all. Temporarily disable the Docker and browser sandbox features until patching is complete. This removes the vulnerable code path entirely, at the cost of whatever workloads depend on those sandboxes.
openclaw config set sandbox.enabled false
systemctl restart openclaw
Clear sandbox cache regularly
Platform: linux. Clear the sandbox cache on a schedule to shorten the window in which a colliding entry can be matched. This only narrows the window: an attacker who can seed both colliding entries between two clearings is unaffected.
openclaw cache clear sandbox
crontab -e   (add the line: 0 * * * * openclaw cache clear sandbox)
🧯 If You Can't Patch
- Implement strict network access controls to limit who can interact with OpenClaw sandbox configuration endpoints
- Monitor for unusual sandbox configuration changes or cache manipulation attempts
🔍 How to Verify
Check if Vulnerable:
Run 'openclaw --version' and compare the result against 2026.2.15: anything earlier is vulnerable. Compare field by field numerically (2026.10.1 is newer than 2026.2.15), not as strings. Also check whether the Docker or browser sandbox features are enabled in the configuration; if they are disabled, the vulnerable code path is not reachable.
Check Version:
openclaw --version
Verify Fix Applied:
After updating, confirm the reported version is 2026.2.15 or later and, per the vendor advisory, that sandbox cache keys are derived with SHA-256 or stronger rather than SHA-1.
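An added helper in Python that performs the version check above; it is not part of OpenClaw or of this advisory's tooling, and it assumes only that 'openclaw --version' prints a dotted calendar version such as 2026.2.15 somewhere in its output. Parsing to integer tuples is what makes the comparison survive a later release like 2026.10.1.

```python
import re
import subprocess

FIXED_VERSION = "2026.2.15"  # boundary stated in the vendor advisory


def parse_version(text: str) -> tuple:
    """Pull the first dotted version (e.g. 2026.2.15) out of the output and
    return it as an integer tuple for ordering. Any trailing suffix such as a
    build tag is ignored (assumption: the numeric prefix alone decides)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable(version_output: str) -> bool:
    """True when the reported version is below the fix version."""
    return parse_version(version_output) < parse_version(FIXED_VERSION)


def check_installed() -> bool:
    """Runs the real binary (assumes `openclaw --version` prints the version)."""
    out = subprocess.run(["openclaw", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return is_vulnerable(out)


if __name__ == "__main__":
    vulnerable = check_installed()
    print("VULNERABLE: update to 2026.2.15 or later" if vulnerable
          else "OK: running 2026.2.15 or later")
    raise SystemExit(1 if vulnerable else 0)
```

The exit code makes the script usable from a fleet-wide check: non-zero means the host still needs the update.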
📡 Detection & Monitoring
Log Indicators:
- Unusual sandbox configuration changes
- Multiple cache key collisions in short time period
- Sandbox initialization failures with hash mismatch errors
Network Indicators:
- Unusual traffic patterns to sandbox configuration endpoints
- Multiple rapid requests to sandbox cache management APIs
SIEM Query:
source="openclaw" AND (event="sandbox_config_change" OR event="cache_collision")
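An added example, not OpenClaw's real log schema, that runs the two correlations behind the indicators above over constructed log lines: a burst of cache_collision events from one client inside a short window, and a sandbox_config_change on a key shortly after a collision on that same key. The field names (source, event, key, client, ts) are assumed to match the SIEM query; adjust them to your pipeline.

```python
import json
from collections import deque

# Constructed sample log lines (JSON per line); the schema is an assumption.
SAMPLE_LOG = """\
{"ts": 1000, "source": "openclaw", "event": "sandbox_created", "key": "3f1a"}
{"ts": 1010, "source": "openclaw", "event": "cache_collision", "key": "3f1a", "client": "10.0.0.7"}
{"ts": 1012, "source": "openclaw", "event": "cache_collision", "key": "3f1a", "client": "10.0.0.7"}
{"ts": 1015, "source": "openclaw", "event": "sandbox_config_change", "key": "3f1a", "client": "10.0.0.7"}
{"ts": 1020, "source": "openclaw", "event": "cache_collision", "key": "9c2b", "client": "10.0.0.7"}
{"ts": 5000, "source": "openclaw", "event": "cache_collision", "key": "0000", "client": "10.0.0.9"}
{"ts": 5001, "source": "nginx", "event": "cache_collision", "key": "x"}
"""


def parse_events(text: str, source: str = "openclaw") -> list:
    """Parse JSON lines, keep only the given source, and order by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("source") == source:
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def collision_bursts(events: list, window: int = 60, threshold: int = 3) -> list:
    """Sliding window per client: alert (client, ts) when at least `threshold`
    cache_collision events from one client fall within `window` seconds. The
    window is cleared after an alert so one burst yields one alert."""
    recent = {}
    alerts = []
    for ev in events:
        if ev["event"] != "cache_collision":
            continue
        client = ev.get("client", "unknown")
        q = recent.setdefault(client, deque())
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append((client, ev["ts"]))
            q.clear()
    return alerts


def changes_after_collision(events: list, within: int = 30) -> list:
    """Alert (key, ts) when a sandbox_config_change for a key follows a
    cache_collision on the same key within `within` seconds: the sequence an
    attacker would produce when seeding a colliding entry and then using it."""
    last_collision = {}
    alerts = []
    for ev in events:
        key = ev.get("key")
        if ev["event"] == "cache_collision":
            last_collision[key] = ev["ts"]
        elif ev["event"] == "sandbox_config_change" and key in last_collision:
            if ev["ts"] - last_collision[key] <= within:
                alerts.append((key, ev["ts"]))
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(collision_bursts(evs))          # [('10.0.0.7', 1020)]
    print(changes_after_collision(evs))   # [('3f1a', 1015)]
```

A single cache_collision is expected noise on a busy system; the burst and the collision-then-change sequence are what distinguish an attempt from background, so tune window and threshold to your own baseline before alerting on them.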