
CVE

CVE-2026-32046

OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container

Summary

The sandbox browser container launched Chromium with --no-sandbox by default, disabling Chromium's OS-level sandbox protections.

Affected Packages / Versions

  • Package: openclaw (npm ecosystem)
  • Latest published npm version at triage time (2026-02-21): 2026.2.19-2
  • Affected range: <= 2026.2.19-2
  • Planned patched version for next release: 2026.2.21

Impact

When --no-sandbox is enabled by default, renderer compromise no longer requires a separate sandbox escape. This weakens container browser isolation and increases impact from renderer-side bugs.

Resolution

  • Default --no-sandbox removed from sandbox browser entrypoint.
  • Explicit opt-in added via OPENCLAW_BROWSER_NO_SANDBOX / CLAWDBOT_BROWSER_NO_SANDBOX.
  • Browser container hash migration + security audit checks added so stale containers are surfaced and can be recreated safely.
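
A defender-side check for the condition this advisory describes, added here as an example and not taken from OpenClaw's code or its audit checks: it walks a /proc-style tree and reports Chromium processes that were started with --no-sandbox as a standalone argument. The function names, the list of browser binary names and the sample command lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not OpenClaw code): find Chromium processes running
# with --no-sandbox by reading NUL-separated argv from <root>/<pid>/cmdline.

# Prints "<pid> <binary>" for each match. Only an argument that is exactly
# --no-sandbox counts; the same text inside a path or another flag's value
# is ignored, and so are non-browser processes that merely mention it.
find_unsandboxed_chromium() {
  fuc_root="${1:-/proc}"
  for fuc_dir in "$fuc_root"/[0-9]*; do
    [ -r "$fuc_dir/cmdline" ] || continue
    # One argv element per line (assumes arguments contain no newlines).
    fuc_argv="$(tr '\0' '\n' < "$fuc_dir/cmdline")"
    [ -n "$fuc_argv" ] || continue          # kernel threads: empty cmdline
    fuc_argv0="$(printf '%s\n' "$fuc_argv" | head -n 1)"
    case "${fuc_argv0##*/}" in
      chrome|chromium|chromium-browser|google-chrome*) ;;
      *) continue ;;
    esac
    if printf '%s\n' "$fuc_argv" | tail -n +2 | grep -qxF -e '--no-sandbox'; then
      printf '%s %s\n' "${fuc_dir##*/}" "${fuc_argv0##*/}"
    fi
  done
  return 0
}

# Constructed sample tree standing in for /proc inside a browser container.
make_sample_proc() {
  msp_root="$(mktemp -d)"
  mkdir -p "$msp_root/101" "$msp_root/102" "$msp_root/103"
  # 101: browser launched the pre-fix way (should be reported)
  printf '%s\0' /usr/bin/chromium --headless --no-sandbox \
    --remote-debugging-port=9222 > "$msp_root/101/cmdline"
  # 102: sandboxed browser whose profile path happens to contain the text
  printf '%s\0' /usr/bin/chromium --headless \
    --user-data-dir=/tmp/--no-sandbox-profile > "$msp_root/102/cmdline"
  # 103: unrelated process that has the flag as an argument
  printf '%s\0' /bin/grep -- --no-sandbox entrypoint.sh > "$msp_root/103/cmdline"
  printf '%s\n' "$msp_root"
}
```

Run inside the browser container as `find_unsandboxed_chromium /proc`; any output means the running browser predates the fix or the opt-in is set.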

Fix Commit(s)

  • e7eba01efc4c3c400e9cfd3ce3d661cbc788a631
  • 1835dec2004fe7a62c6a7ba46b8485f124ec6199

Release Process Note

The advisory patched_versions field is pre-set to the planned next release (2026.2.21). After npm release publication, only advisory publish action should remain.

OpenClaw thanks @TerminalsandCoffee for reporting.


CVSS Version

  • Base Score: 4.8
  • CVSS Version: 4.0
  • Score Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X


References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-43x4-g22p-3hrq
  • https://nvd.nist.gov/vuln/detail/CVE-2026-32046
  • https://github.com/openclaw/openclaw/commit/1835dec2004fe7a62c6a7ba46b8485f124ec6199
  • https://github.com/openclaw/openclaw/commit/e7eba01efc4c3c400e9cfd3ce3d661cbc788a631
  • https://github.com/openclaw/openclaw
  • https://www.vulncheck.com/advisories/openclaw-os-level-sandbox-bypass-via-no-sandbox-flag

Severity

9.8 (CVSS score, on a scale of 0 to 10)

Basic Information

  • Base CVSS: 9.8
  • EPSS Probability: 0.00051%
  • EPSS Percentile: 0.15871%
  • Introduced Version: 0
  • Fix Available: 2026.2.21
