my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #toctou

Patch Now: OpenClaw CVE-2026-41296 Is a Full Sandbox Escape

John Z Black Apr 21, 2026

Vulnerabilities & Patching #openclaw #cve-2026-41296 #sandbox-escape #toctou #patch-now

A TOCTOU race condition in OpenClaw's file handling allows a full sandbox escape. Version 2026.3.31 fixes it. If you're running an older version, stop reading and go patch.

Read More