Race condition in OpenClaw - CVE-2026-32018

 


Published: May 4, 2026


Vulnerability identifier: #VU129419
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-32018
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a local user to cause sandbox state corruption.

The vulnerability exists due to a race condition in sandbox registry write operations when processing concurrent updateRegistry and removeRegistryEntry operations. A local user can trigger concurrent registry updates to cause sandbox state corruption.

The issue can lead to lost updates or resurrection of removed entries and can affect sandbox list, sandbox prune, and sandbox recreate --all behavior.
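The two outcomes described above can be reproduced with a small deterministic model. This is an added example, not OpenClaw code: only the names updateRegistry and removeRegistryEntry come from the advisory, while the JSON store, the scheduler and the lock are assumptions. The lock illustrates the general remedy for this bug class and is not the vendor's patch.

```javascript
// Constructed model, not OpenClaw code: the "registry file" is a JSON string
// and each operation rewrites it whole. Only the names updateRegistry and
// removeRegistryEntry come from the advisory; everything else is hypothetical.
function makeStore(entries) {
  return { file: JSON.stringify(entries), lockedBy: null };
}

// Cooperative lock: the caller keeps yielding until the lock is free.
function* acquire(store, owner) {
  while (store.lockedBy !== null) yield "blocked";
  store.lockedBy = owner;
}

// Operations are generators so a scheduler can pause them between the read
// and the write, which is the race window.
function* updateRegistry(store, id, fields, useLock) {
  if (useLock) yield* acquire(store, "update");
  const entries = JSON.parse(store.file); // read snapshot
  yield "read";
  entries[id] = { ...(entries[id] || {}), ...fields };
  store.file = JSON.stringify(entries); // write snapshot back
  if (useLock) store.lockedBy = null;
}

function* removeRegistryEntry(store, id, useLock) {
  if (useLock) yield* acquire(store, "remove");
  const entries = JSON.parse(store.file);
  yield "read";
  delete entries[id];
  store.file = JSON.stringify(entries);
  if (useLock) store.lockedBy = null;
}

// Gives turns in the scheduled order, then drains whatever is unfinished.
function scenario(useLock, schedule) {
  const store = makeStore({ a: { image: "v1" }, b: { image: "v1" } });
  const ops = [
    updateRegistry(store, "b", { image: "v2" }, useLock), // op 0
    removeRegistryEntry(store, "a", useLock), // op 1
  ];
  for (const i of schedule) ops[i].next();
  let pending = true;
  while (pending) {
    pending = false;
    for (const op of ops) if (!op.next().done) pending = true;
  }
  return store.file;
}
console.log(scenario(false, [0, 1, 1, 0]), scenario(false, [0, 1, 0, 1]), scenario(true, [0, 1, 1, 0]));
```

Without the lock, schedule [0, 1, 1, 0] brings the removed entry "a" back and [0, 1, 0, 1] drops the update to "b"; with the lock both schedules end with "a" removed and "b" updated.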


How to mitigate CVE-2026-32018

Install the security update from the vendor's website.
