MEDIUM 5.3 npm
OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root
GHSA-wppj-c6mr-83jj · CVE-2026-44112
Published · Modified
Description
Summary
OpenShell FS bridge writes stay pinned to the sandbox mount root
Affected Packages / Versions
- Package: openclaw (npm)
- Affected versions: <= 2026.4.21
- Fixed version: 2026.4.22
Impact
A time-of-check/time-of-use race around OpenShell sandbox filesystem writes could let a symlink swap redirect a write outside the intended local mount root.
Fix
OpenShell write paths now validate the canonical target against the mount root, reject unsafe symlink parents and symlink leaves for writes, and use root-scoped write helpers before syncing to the remote sandbox.
Fix Commit(s)
- 7be82d4fd1193bcb7e44ee38838f00bf924ffa76
Verification
- The fix commit is contained in the public v2026.4.22 tag.
- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.
- Focused regression coverage for this path passed before publication.
Thanks @VladimirEliTokarev for reporting.
References
- WEB https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-44112
- WEB https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76
- PACKAGE https://github.com/openclaw/openclaw
- WEB https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes
Ready to move
Start Securing
Free, no credit card | First findings in minutes