Main Vulnerability Database SB2026052923

SB2026052923 - Exposure of Resource to Wrong Sphere in OpenClaw

Published: May 29, 2026

Security Bulletin ID SB2026052923

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Exposure of Resource to Wrong Sphere (CVE-ID: N/A)

CWE-ID: CWE-668 - Exposure of resource to wrong sphere

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to exposure of resource to wrong sphere in sandboxed session spawn when forwarding a sandboxed parent session into a child session prompt. A remote user can cause a child session to inherit the real workspace path to disclose sensitive information.

Only instances with the affected feature enabled and reachable are vulnerable.

Remediation

Install update from vendor's website.

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-6c4r-g249-wv3c