Agents
CVE-2026-41329: Critical OpenClaw Sandbox Bypass Enables Privilege Escalation via Heartbeat Context Inheritance (CVSS 9.9)
Published April 21, CVE-2026-41329 is a critical sandbox bypass in OpenClaw before version 2026.3.31 that allows attackers to escalate privileges by manipulating heartbeat context inheritance and the senderIsOwner parameter. This is the latest in a string of OpenClaw security failures — the project disclosed 9 CVEs in 4 days in March 2026. No public PoC exists yet, but the CVSS 9.9 score and the attack's simplicity (improper context validation) make this urgent for any deployment running unpatched OpenClaw.
Source
↳ Follow the thread