CVE

GHSA-2rqg-gjgv-84jm

OpenClaw: Gateway `agent` calls could override the workspace boundary

CVE

GHSA-2rqg-gjgv-84jm

OpenClaw: Gateway `agent` calls could override the workspace boundary

Summary

The public gateway agent RPC allowed an authenticated operator with operator.write to supply attacker-controlled spawnedBy and workspaceDir values. That let the caller re-root the agent run outside its configured workspace boundary.

Impact

A non-owner operator could escape the intended workspace boundary and run normal file and exec tools from an arbitrary process-accessible directory.

Affected versions

openclaw <= 2026.3.8

Patch

Fixed in openclaw 2026.3.11 and included in later releases such as 2026.3.12. The gateway now enforces the configured workspace boundary for agent runs regardless of caller-supplied overrides.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-2rqg-gjgv-84jm, https://github.com/openclaw/openclaw, https://github.com/openclaw/openclaw/releases/tag/v2026.3.11

Severity

8.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

8.8

EPSS Probability

EPSS Percentile

Introduced Version

0,2026.2.2,2026.2.6-1,2026.1.29-beta.1,2026.1.27-beta.1,2026.1.14-1,2026.1.9

Fix Available

2026.3.11,2026.3.12

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GHSA-2rqg-gjgv-84jm

GHSA-2rqg-gjgv-84jm

Summary

Impact

Affected versions

Patch

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

8.8

Basic Information

Fix Critical Vulnerabilities Instantly