CVE-2026-42434

HIGH WAF: Low

CVSS 8.8 Published: 2026-05-05

CWE-863

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths.

WAF Coverage Analysis

Incorrect Authorization Low WAF Coverage

OWASP: A01:2021 Broken Access Control

References

github.com
github.com
www.vulncheck.com

Back to CVE Database