my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #sandbox-escape

Patch Now: OpenClaw CVE-2026-41296 Is a Full Sandbox Escape

John Z Black Apr 21, 2026

Vulnerabilities & Patching #openclaw #cve-2026-41296 #sandbox-escape #toctou #patch-now

A TOCTOU race condition in OpenClaw's file handling allows a full sandbox escape. Version 2026.3.31 fixes it. If you're running an older version, stop reading and go patch.

Read More

Docker's Authorization Bypass Is Back. It's Been Broken for a Decade.

John Z Black Apr 8, 2026

Vulnerabilities & Patching #docker #container-security #authz-bypass #cve-2026-34040 #ai-agents #sandbox-escape

Pad an HTTP request past 1MB and Docker's AuthZ plugins see nothing. CVE-2026-34040 has been sitting in Docker Engine since 2016, and researchers showed AI agents can be tricked into exploiting it.

Read More