CVE-2026-27523

Description

### Summary In `openclaw` up to and including **2026.2.23** (latest npm release as of **February 24, 2026**), sandbox bind-source validation could be bypassed when a bind source used a symlinked parent plus a non-existent leaf path. ### Affected Packages / Versions - Package: `openclaw` (npm) - Affected: `<= 2026.2.23` - Patched: `>= 2026.2.24` (planned next release) ### Root Cause `validateBindMounts` previously relied on full-path realpath only when the full source path already existed. For missing-leaf paths, parent symlink traversal was not fully canonicalized before allowed-root and blocked-path checks. ### Security Impact A source path that looked inside an allowed root could resolve outside that root (including blocked runtime paths) once the missing leaf was created, weakening sandbox bind-source boundary enforcement. ### Fix The validation path now canonicalizes through the nearest existing ancestor, then always re-checks the canonical path against both: - allowed source roots - blocked runtime paths ### Verification - `pnpm check` - `pnpm exec vitest run --config vitest.gateway.config.ts` - `pnpm test:fast` - Added regression tests for symlink-parent + missing-leaf bypass patterns. ### Fix Commit(s) - `b5787e4abba0dcc6baf09051099f6773c1679ec1` ### Release Process Note `patched_versions` is pre-set to the planned next release (`2026.2.24`) so after npm publish the advisory can be published without further field edits. OpenClaw thanks @tdjackey for reporting. ### Publication Update (2026-02-25) `[email protected]` is published on npm and contains the fix commit(s) listed above. This advisory now marks `>= 2026.2.24` as patched.

How to fix CVE-2026-27523

To remediate CVE-2026-27523, upgrade the affected package to a fixed version below.

• —upgrade to 2026.2.24 or later

Is CVE-2026-27523 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)