Two Critical OpenClaw CVEs Disclosed — CVE-2026-32918 and CVE-2026-32915 Patch Session Sandbox Escapes
Two critical security vulnerabilities in OpenClaw were publicly disclosed today, and if you’re running any version older than 2026.3.11, you need to patch immediately. Both CVEs involve sandbox escape — the ability for a subagent running in an isolated context to break out and access session state it shouldn’t be able to see or modify. This isn’t theoretical. The CVSS score for CVE-2026-32918 is 8.4 (High), and the attack path is alarmingly accessible. ...