CVE-2026-27646

MEDIUM openclaw NVD

CVSS Score 5.3

Severity MEDIUM

Published Mar 23, 2026

Vendor openclaw

Description

OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass sandbox restrictions by invoking the /acp spawn slash-command to cross from sandboxed chat context into host-side ACP session initialization when ACP is enabled.

References

https://github.com/openclaw/openclaw/commit/61000b8e4ded919ca1a825d4700db4cb3fdc56e3
https://github.com/openclaw/openclaw/security/advisories/GHSA-9q36-67vc-rrwg
https://vulncheck.com/advisories/openclaw-mar-sandbox-escape-via-acp-spawn-command