CVE-2026-41329

Daily digests

OpenClaw before 2026.3.31 has a sandbox escape. An attacker can manipulate the senderIsOwner parameter and abuse heartbeat context inheritance to bypass sandbox restrictions and escalate privileges. The attack doesn't require physical access, but the attacker does need some level of existing access within the sandboxed environment to trigger it.

• Daily Digest · Apr 21, 2026

  4 CVSS 10.0s today, Spinnaker RCE tops the list