GHSA-474h-prjg-mmw3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-474h-prjg-mmw3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-474h-prjg-mmw3/GHSA-474h-prjg-mmw3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-474h-prjg-mmw3
- Downstream
- Published
- 2026-03-03T21:31:57Z
- Modified
- 2026-03-04T15:11:35.777090Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- OpenClaw: Sandboxed sessions_spawn(runtime="acp") bypassed sandbox inheritance and allowed host ACP initialization
- Details
-
Summary
Sandboxed
sessions_spawn(runtime="acp")could bypass sandbox inheritance and initialize host-side ACP runtime. The fix now fail-closes ACP spawn from sandboxed requester sessions and rejectssandbox="require"forruntime="acp".Affected Packages / Versions
- Package:
openclaw(npm) - Latest published npm version at triage time:
2026.3.1(March 2, 2026) - Vulnerable range:
<=2026.3.1 - Patched release:
2026.3.2(released)
Technical Details
- Root cause:
runtime="subagent"enforced sandbox inheritance, whileruntime="acp"did not enforce equivalent sandbox/runtime checks. - Security impact: sandbox-boundary bypass into host-side ACP initialization.
- Fixed behavior:
- deny ACP spawn when requester runtime is sandboxed
- deny
sessions_spawnwithruntime="acp", sandbox="require" - align sandboxed prompt guidance to avoid advertising blocked ACP paths
Fix Commit(s)
ac11f0af731d41743ba02d8595f4d0fe747336e3c703aa0fe92df9fb71cf254fc46991e05fba2114
- Package:
- Database specific
{ "github_reviewed_at": "2026-03-03T21:31:57Z", "github_reviewed": true, "cwe_ids": [ "CWE-269" ], "nvd_published_at": null, "severity": "HIGH" }- References
Affected packages
npm / openclaw
Package
- Name
- openclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/openclaw