CVE-2026-32060 Exposes High-Severity Sandbox Escape in OpenClaw Gateway RPC
What Happened
Security researchers disclosed CVE-2026-32060, a high-severity (CVSS 8.8) path traversal vulnerability in OpenClaw's gateway RPC system. The flaw, classified as CWE-22, affects all OpenClaw versions prior to 2026.3.11 and allows authenticated users with the operator.write role to escape the workspace sandbox.
The vulnerability exists because OpenClaw's public gateway agent RPC accepted caller-supplied spawnedBy and workspaceDir values without validating them against the agent's configured workspace boundary. An attacker could craft an RPC call containing path traversal sequences or absolute paths in the workspaceDir parameter, effectively re-rooting the agent's execution environment to any directory accessible by the OpenClaw process.
The fix, shipped in v2026.3.11, enforces strict workspace boundary validation on all incoming RPC workspace directory parameters.
Why It Matters
This vulnerability is particularly concerning given the scale of OpenClaw's deployment. Earlier research revealed over 40,000 OpenClaw instances exposed on the public internet, many of which may still be running vulnerable versions. An attacker exploiting CVE-2026-32060 could gain read, write, and execute access to arbitrary files on the host system — a complete sandbox escape.
The disclosure adds to a growing list of OpenClaw CVEs in early 2026, including a critical WebSocket origin bypass, an exec approval bypass, and credential exposure in setup codes. The pattern suggests the project's security posture is struggling to keep pace with its explosive growth.
What's Next
Organizations running OpenClaw should immediately verify they are on v2026.3.11 or later. Security teams should audit logs for anomalous workspace directory values in gateway RPC calls, which could indicate exploitation attempts. The OpenClaw project is expected to publish a comprehensive security hardening guide as part of its transition to an open-source foundation.
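The page describes the fix as workspace boundary validation and the detection step as auditing for anomalous workspaceDir values, but spells out neither. The following is an added Python example, my own code rather than OpenClaw's patch: a boundary check that resolves a caller-supplied workspaceDir against the configured workspace root, and an audit pass that runs the same check over RPC log lines. The log format, field names, workspace root and sample values are all constructed for illustration.

```python
import json
import os


def resolve_workspace_dir(workspace_root: str, requested: str) -> str:
    """Resolve `requested` (relative or absolute, as a caller might send it in the
    RPC) and return the absolute path only if it stays inside `workspace_root`.
    Raises ValueError on traversal, absolute paths outside the root, or
    prefix collisions. Hypothetical helper, not OpenClaw's own implementation."""
    root = os.path.realpath(workspace_root)
    # os.path.join discards `root` when `requested` is absolute, so an absolute
    # value is resolved as-is and then rejected below if it is outside the root.
    candidate = os.path.realpath(os.path.join(root, requested))
    # commonpath compares path components, so "/srv/ws-evil" does not pass as a
    # child of "/srv/ws" the way a naive startswith() check would allow.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"workspaceDir {requested!r} escapes workspace root {root}")
    return candidate


def is_within_workspace(workspace_root: str, requested: str) -> bool:
    """Boolean form of the check, convenient for filtering."""
    try:
        resolve_workspace_dir(workspace_root, requested)
        return True
    except ValueError:
        return False


# Constructed sample of gateway RPC log lines (JSON per line, hypothetical schema).
SAMPLE_RPC_LOG = """\
{"ts":"2026-03-12T10:01:02Z","rpc":"agent","operator":"alice","workspaceDir":"project/src"}
{"ts":"2026-03-12T10:01:09Z","rpc":"agent","operator":"bob","workspaceDir":"../../../etc"}
{"ts":"2026-03-12T10:01:15Z","rpc":"agent","operator":"bob","workspaceDir":"/tmp/outside"}
{"ts":"2026-03-12T10:02:40Z","rpc":"agent","operator":"carol","workspaceDir":"../ws-evil/payload"}
{"ts":"2026-03-12T10:03:01Z","rpc":"agent","operator":"alice","workspaceDir":"project/docs"}
"""


def audit_rpc_log(log_text: str, workspace_root: str) -> list[tuple[str, str]]:
    """Return (operator, workspaceDir) for every logged call whose workspaceDir
    would have escaped the root, i.e. the values the boundary check rejects."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        wd = rec.get("workspaceDir")
        if wd is not None and not is_within_workspace(workspace_root, wd):
            flagged.append((rec.get("operator", "?"), wd))
    return flagged
```

On a pre-2026.3.11 gateway the flagged lines are exactly the calls that would have re-rooted the agent, so the audit output is the list of accounts and values to investigate first.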